[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #13893 [Tor Browser]: Torbrowser crashes on start when using MS EMET 5.x

#13893: Torbrowser crashes on start when using MS EMET 5.x
-------------------------------------------------+-------------------------
 Reporter:  Diapolo                              |          Owner:  gk
     Type:  defect                               |         Status:
 Priority:  High                                 |  needs_revision
Component:  Tor Browser                          |      Milestone:
 Severity:  Blocker                              |        Version:
 Keywords:  tbb-security, TorBrowserTeam201601,  |     Resolution:
  GeorgKoppen201601                              |  Actual Points:
Parent ID:                                       |         Points:
  Sponsor:  SponsorU                             |
-------------------------------------------------+-------------------------
Changes (by bugzilla):

 * keywords:
     tbb-crash, tbb-usability-stoppoint-app, TorBrowserTeam201601,
     GeorgKoppen201601
     => tbb-security, TorBrowserTeam201601, GeorgKoppen201601
 * severity:  Normal => Blocker


Comment:

 Sorry for spam, but Mozilla fixed its bug, stated in comment:16, in FF 44b
 and later: https://hg.mozilla.org/releases/mozilla-beta/rev/71d087ecddc0
 So, disabling IOInterposer was right solution.
 But, as stated in comment:19, AvailableMemoryTracker is another bad stuff
 from Mozilla and can be disabled too - proof:
 Only two craps from all the FF code use WindowsDllInterceptor, which is an
 interceptor (by name too :) that means "hacking" technique is used. This
 is unacceptable by any security mitigation tool, such as EMET.
 EMET closes Tor Browser when detects security hole in it that can be
 exploited by SimExecFlow technique. So, it is not a crash, but security
 threat.
 Usability of Tor Browser = zero in secured environments (protected by EMET
 or else), so severity is set to blocker (because EMET blocks unsecured TBB
 and this blocks TBB from using).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13893#comment:31>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs