[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #25916 [Applications/Tor Browser]: Disable MOZ_DISABLE_CONTENT_SANDBOX

To: undisclosed-recipients: ;
Subject: [tor-bugs] #25916 [Applications/Tor Browser]: Disable MOZ_DISABLE_CONTENT_SANDBOX
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Wed, 25 Apr 2018 16:09:59 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 25 Apr 2018 12:10:10 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#25916: Disable MOZ_DISABLE_CONTENT_SANDBOX
------------------------------------------+----------------------
     Reporter:  tom                       |      Owner:  tbb-team
         Type:  defect                    |     Status:  new
     Priority:  Medium                    |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Normal                    |   Keywords:  ff60-esr
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
------------------------------------------+----------------------
 MOZ_DISABLE_CONTENT_SANDBOX can be used at runtime to disable the content
 sandbox.  If an attacker can influence this, we're probably already sunk,
 but just like we disable the "Dump all your TLS Session Keys here please"
 environment variable, we should disable this one too.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25916>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #25704 [Core Tor/Nyx]: nyx package not in debian stretch
Next by Author: Re: [tor-bugs] #19805 [Internal Services/Tor Sysadmin Team]: provide more onion services
Previous by thread: [tor-bugs] #25915 [Applications/Tor Browser]: TBA - Audit menu UI
Next by thread: [tor-bugs] #25917 [Applications/Tor Browser]: TBA - Audit Suggested Site
Index(es):
- Author
- Thread