[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #31019 [Applications/Tor Browser]: Investigate update on Windows via BITS



#31019: Investigate update on Windows via BITS
-------------------------------------+-------------------------------------
     Reporter:  gk                   |      Owner:  tbb-team
         Type:  task                 |     Status:  new
     Priority:  Medium               |  Milestone:
    Component:  Applications/Tor     |    Version:
  Browser                            |   Keywords:  ff68-esr, tbb-update,
     Severity:  Normal               |  tbb-proxy-bypass
Actual Points:                       |  Parent ID:
       Points:                       |   Reviewer:
      Sponsor:                       |
-------------------------------------+-------------------------------------
 It seems there is coming a new update method for Windows users with
 Firefox 68 ESR which is called BITS (Background Intelligent Transfer
 Service), which is a Windows component.[1] The marketing promise is that
 "This change will allow Firefox to continue downloading an update
 after Firefox has been closed." [2]  which seems to be dangerous in the
 Tor Browser context.

 There is a pref we can flip, though to use the older internal updater [3].
 However, we should make sure the potential proxy bypass I am seeing here
 is actually mitigated by that.

 [1] https://www.ghacks.net/2019/06/24/firefox-will-use-bits-on-windows-
 for-updates-going-forward/
 [2]
 https://groups.google.com/forum/#!topic/mozilla.dev.platform/PCzoYCfi_fk
 [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1553977

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31019>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs