[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Is Tor Browser 5.5.1 vulnerable to any of the graphite font vulnerabilities?



I received a Firefox ESR vulnerability notice today [1] that basically says
some vulnerabilities in libgraphite were fixed in 38.6.1, released today.
The digital signature is for the 10th. Some of the issues were first
disclosed on Feb 5 [2] which is around Tor Browser 5.5.1 was released. I'm
not sure when the other smart font issue was first disclosed.

In the tor browser blog comments on the 10th someone said graphite font
rendering is vulnerable [3] but I can't tell if he's talking about in 5.5.1
or before.

I cannot find a list of vulnerability notices for Tor Browser (why not?
seems like it would be good to have). I assume it somewhat mirrors Firefox
ESR. Based on the information about this, which looks exploitable, I would
like to know if Tor Browser 5.5.1 is vulnerable. Thanks


[1]: https://www.mozilla.org/en-US/security/advisories/mfsa2016-14/
[2]:
http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html
[3]:
https://blog.torproject.org/blog/tor-browser-551-released#comment-155968
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk