[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #16744 [Tor Browser]: Update TBB to ESR 38.1.1 (MFSA2015-78, CVE-2015-4495) - exploited in the wild
#16744: Update TBB to ESR 38.1.1 (MFSA2015-78, CVE-2015-4495) - exploited in the
wild
-----------------------------+----------------------------------------
Reporter: cypherpunks | Owner: tbb-team
Type: defect | Status: new
Priority: critical | Milestone:
Component: Tor Browser | Version:
Resolution: | Keywords: MFSA2015-78, CVE-2015-4495
Actual Points: | Parent ID:
Points: |
-----------------------------+----------------------------------------
Comment (by cypherpunks):
https://twitter.com/wiretapped/status/630438666708627458 says the in-the-
wild malicious payload described in the mozilla blog is now public here:
https://pastebin.ubuntu.com/12030863/ and recommends setting
```pdfjs.disable```.
will that protect against this vulnerability?
has anyone considered building a (secure, auditable, etc) mechanism for
pushing out emergency configuration patches? there have been instructions
for mitigating many recent firefox bugs with about:config settings.
couldn't those be deployed automatically in a much more timely fashion
than tor browser updates?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16744#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs