[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] 2.2.35-11, TBB Linux: network.websocket.enabled = true, why?



With this blog entry:

https://blog.torproject.org/blog/new-tor-browser-bundles-security-release

It claims 2.2.35-11 fixes a problem posted here:

https://blog.torproject.org/blog/firefox-security-bug-proxy-bypass-current-tbbs

With Tor Browser Bundle (2.2.35-11); suite=linux installed, I read where it
was fixed in the changelog:

From: ~/tor-browser_en-US/Docs/changelog:

* New Firefox patches:
- Prevent WebSocket DNS leak (closes: #5741)

But when running this new bundle version, network.websocket.enabled
remains set at true.

How was this patched when the value remains set as true? Shouldn't the
above value now be set at false?

The former blog post, prior to the recent release, states:

"To fix this dns leak/security hole, follow these steps:

Type ?about:config? (without the quotes) into the Firefox URL bar. Press
Enter.
Type ?websocket? (again, without the quotes) into the search bar that
appears below "about:config".
Double-click on ?network.websocket.enabled?. That line should now show
?false? in the ?Value? column."

Unless this was patched elsewhere in the browser (if so, where?) how has
Tor Browser Bundle (2.2.35-11); suite=linux
been patched to resolve this issue when the same field,
?network.websocket.enabled? appears as true in this new release?

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk