A critical vulnerability resides in the fully-patched version of the Mozilla’s Firefox browser that could allow attackers to launch man-in-the-middle (MITM) impersonation attacks and also affects the Tor anonymity network. The Tor Project patched the issue in the browser’s HTTPS certificate pinning system on Friday with the release of its Tor Browser version 6.0.5. The vulnerability was initially discovered Tuesday by a security expert that goes by the name of @movrcx, who described the attacks against Tor, estimating attackers would need US$100,000 to launch the attacks.
Source: https://thehackernews.com/2016/09/firefox-tor-mitm_18.html