UPDATE 1-12-2016 – Firefox have now released a fix for this. Update to Firefox 50.0.2 now to patch this vulnerability. Tor have also released a fix with version 6.0.7 of their browser. There is also a Thunderbird fix out, version 45.5.1.
Market-leading WordPress security company Wordfence today published this emergency bulletin for their customers and the larger web community.
“A few hours ago, a zero day vulnerability emerged in the Tor browser bundle and the Firefox web browser. Currently it exploits Windows systems with a high success rate and affects Firefox versions 41 to 50 and the current version of the Tor Browser Bundle which contains Firefox 45 ESR.”
“If you use Firefox, we recommend you temporarily switch browsers to Chrome, Safari or a non-firefox based browser that is secure until the Firefox dev team can release an update. The vulnerability allows an attacker to execute code on your Windows workstation. The exploit is in the wild, meaning it’s now public and every hacker on the planet has access to it. There is no fix at the time of this writing.”
“This is a watering hole attack, meaning that a victim has to visit a website that contains this exploit code to be attacked.”
The Firefox team are working on a fix, which should arrive quite quickly.
Full technical details at https://www.wordfence.com/blog/2016/11/emergency-bulletin-firefox-0-day-wild/