#23044: Don't allow GIO supported protocols by default
--------------------------------------+--------------------------
Reporter: gk | Owner: tbb-team
Type: defect | Status: closed
Priority: Immediate | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Blocker | Resolution: fixed
Keywords: tbb-proxy-bypass | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Changes (by gk):
* status: new => closed
* priority: Medium => Immediate
* keywords: tbb-gitian => tbb-proxy-bypass
* resolution: => fixed
* severity: Normal => Blocker
Old description:
> The mingw-w64 repo contains the binary `stdole2.tlb` which is needed for
> building Tor Browser (see: 17e09279acf8b7f44d731c9a65541a474af4f1b5). It
> turns out we can do better than relying on that binary blob and create
> that typelib during build time.
New description:
Firefox allows passing URLs along to the OS (by a whitelist) which is
dangerous. We should avoid that.
--
Comment:
Fixes pushed to `tor-browser-52.2.0esr-7.5-1` (commit
a96f898e0da42de751a5e1367a9899cc96fadb1f) and `tor-
browser-52.2.0esr-7.0-1` (commit
720f9061496321aa978d2f022113c40e9aeb4847). They will show up in the next
releases, 7.0.3 and 7.5a3.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23044#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs