A Javascript zero-day exploit currently being actively exploited in the wild is designed to remotely execute malicious code on the Windows operating system via memory corruption flaw in Firefox web browser.

The mailing list message reveals that the zero-day exploit affecting Firefox is currently being exploited against Tor Browser users by unknown attackers to leak the potentially identifying information of Tor users, officials of the anonymity service confirmed Tuesday.

Tor Browser Bundle is a repackaged version of Mozilla Firefox web browser that runs connections through the Tor anonymizing network configured to hide its user’s public IP address.

“[The exploit code] consists of one HTML and one CSS file, both pasted below and also de-obscured,” the author says. “The exact functionality is unknown, but it is getting access to VirtualAlloc in kernel32.dll and goes from there.”

Although security researchers are still analyzing the Tor exploit code, a disassembly of it shows the latest zero-day flaw is very similar to a separate Tor Browser exploit that emerged in 2013.

The 2013 exploit was the work of the United States FBI, which was targeting Tor users who accessed child pornography.

Although Mozilla is scrambling to patch the critical vulnerability, it is still unknown who is behind the current Javascript exploit.

“So it sounds like the immediate next step is that Mozilla finishes their patch for it then…a quick Tor Browser update and somewhere in there people will look at the bug and see whether they think it really does apply to Tor Browser,” Tor Project lead Roger Dingledine said.