[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] 2.2.35-11, TBB Linux: network.websocket.enabled = true, why?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-talk] 2.2.35-11, TBB Linux: network.websocket.enabled = true, why?
From: ming@xxxxxxxxxxx
Date: Mon, 7 May 2012 05:30:40 -0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 07 May 2012 01:31:48 -0400
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=tormail.org; s=tm; h=Message-Id:X-TorMail-User:Content-Transfer-Encoding:Content-Type:MIME-Version:To:From:Subject:Date; bh=S4CO5UwOhwIdE8WFCbXrjP5MeamJMkTzDP3BTH6BF2A=; b=VSe45SZqXOwKYLZRBxq/WXi5LHq9tJ8h7Aca6Qf9Pkq1c0Wi4oNTNmuDaxEGfg6dHzEtUTEmsrOaGFclB5GiBR5iMD6pM2739n+bfQIPdL+Sn11iy4Bdvo1SmllYq94M0mfcuC/RFhgi6dpcMh+URydSfpZXVQiI4kBHAfAYpqw=;
Importance: Normal
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

With this blog entry:

https://blog.torproject.org/blog/new-tor-browser-bundles-security-release

It claims 2.2.35-11 fixes a problem posted here:

https://blog.torproject.org/blog/firefox-security-bug-proxy-bypass-current-tbbs

With Tor Browser Bundle (2.2.35-11); suite=linux installed, I read where it
was fixed in the changelog:

From: ~/tor-browser_en-US/Docs/changelog:

* New Firefox patches:
- Prevent WebSocket DNS leak (closes: #5741)

But when running this new bundle version, network.websocket.enabled
remains set at true.

How was this patched when the value remains set as true? Shouldn't the
above value now be set at false?

The former blog post, prior to the recent release, states:

"To fix this dns leak/security hole, follow these steps:

Type ?about:config? (without the quotes) into the Firefox URL bar. Press
Enter.
Type ?websocket? (again, without the quotes) into the search bar that
appears below "about:config".
Double-click on ?network.websocket.enabled?. That line should now show
?false? in the ?Value? column."

Unless this was patched elsewhere in the browser (if so, where?) how has
Tor Browser Bundle (2.2.35-11); suite=linux
been patched to resolve this issue when the same field,
?network.websocket.enabled? appears as true in this new release?

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] 2.2.35-11, TBB Linux: network.websocket.enabled = true, why?
  - From: Roger Dingledine

Prev by Author: Re: [tor-talk] Torbutton-birdy version 0.0.2
Next by Author: [tor-talk] TBB Linux 32bit | 2.2.35-12 | OpenSSL to 1.0.1c but libssl.so.1.0.0 shown? +Torbutton/Scroogle
Previous by thread: Re: [tor-talk] Blocked HTTPS
Next by thread: Re: [tor-talk] 2.2.35-11, TBB Linux: network.websocket.enabled = true, why?
Index(es):
- Author
- Thread