[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Security in Tor Browser related to Firefox ESR
Ok thanks. I checked the blog today and saw that 3.5.2 was released. I
didn't get any announcement. Why not announce the releases through
tor-announce? I'm subscribed to that but I didn't get any notice. Is there
a list or RSS feed where just releases are announced? I don't want a lot of
emails. I don't plan to stay subscribed to tor-talk (there are lots of
things that just don't concern me) but for now I am and I didn't get a
notice of the new release on this list either.
On Thu, Feb 6, 2014 at 6:18 AM, Rick <rerushg@xxxxxxxxx> wrote:
> On 02/06/2014 02:05 AM, Soul Plane wrote:
>> Yesterday I received a security alert that Firefox ESR was updated to
>> I am wondering if since Tor Browser is based on Firefox ESR it is now
>> subject to security vulnerabilities? When you release the Tor Browser
>> Bundle do you identify the version (24.2, 24.3,etc) of Firefox that it is
>> based on?
>> When Firefox patches vulnerabilities in the ESR product and makes a new
>> release do you do the same? I took a look at the git for Tor Browser and I
>> can't tell whether or not it integrates whatever changes are in Firefox
> New releases are announced here and in the website blog. Changes are
> mentioned and a link to the changelog is provided. That shows that we've
> been in 24.2 since mid-December and 24.3 will appear with TBB 3.5.2, due
> for release within the next week or so (I presume).
> Are we 'now subject to security vulnerabilities'? Sure! And we'll be
> subject to the yet-unknown vulnerabilities of 24.3 when it's released in
> TBB. It's a work in progress.
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change other settings go to
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to