
Re: [tor-bugs] #7501 [Applications/Tor Browser]: Audit PDF.js



#7501: Audit PDF.js
--------------------------------------+--------------------------
 Reporter:  mikeperry                 |          Owner:  gk
     Type:  task                      |         Status:  assigned
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  tbb-security              |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by cypherpunks):

 According to the top comment in this thread on HN
 https://news.ycombinator.com/item?id=15167104

 > PDFium used by Chrome internally uses Foxit PDF library to read and
 > extract information from the PDF.
 >
 > Google basically bought Foxit's library and open sourced it - but looks
 > like the open source version isn't keeping up with the upstream commercial
 > version of Foxit because the latest Foxit reader doesn't seem to have this
 > bug.

 If this is true, and the commercial version is years ahead of the open
 source version in terms of security fixes, then it's a serious security
 issue. One wonders why they didn't go for Evince which was always open
 source and cross-platform. Anyway, one should keep that in mind and if
 possible lobby Mozilla to look into this.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7501#comment:22>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online