Re: [tor-talk] Is Tor Browser 5.5.1 vulnerable to any of the graphite font vulnerabilities?



Cain Ungothep:
>> I would
>> like to know if Tor Browser 5.5.1 is vulnerable. Thanks
> 
> Looks like it is:
> 
> https://gitweb.torproject.org/builders/tor-browser-bundle.git/commit/?id=7a36dbece35a307675f396a019dccf6e431efb44
> 
> That build corresponds to a branch which includes the commit that
> supposedly fixed bug 1246093, and this commit was only pushed less than
> 48 hours ago.

Indeed. We plan to get at least a new stable version (5.5.2) out today
which is based on Firefox ESR 38.6.1. Mozilla released 38.6.1 just to
address the Graphite vulnerabilities.

> NOTE: Torbutton's security slider at level "High" says "Some font rendering
> features are disabled" and "[...] The Graphite font rendering mechanism
> is disabled."  It would be good to know if this prevents the
> vulnerability.

Yes. Both on "High" and "Medium-High" Graphite font rendering is disabled.

Georg

>> [1]: https://www.mozilla.org/en-US/security/advisories/mfsa2016-14/
>> [2]:
>> http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html
>> [3]:
>> https://blog.torproject.org/blog/tor-browser-551-released#comment-155968


-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk