[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #8342 [TorBrowserButton]: Site update & Plugin update - TorButton 1.5
#8342: Site update & Plugin update - TorButton 1.5
------------------------------+---------------------------------------------
Reporter: sekesey | Owner: mikeperry
Type: task | Status: new
Priority: normal | Milestone:
Component: TorBrowserButton | Version:
Keywords: | Parent:
Points: | Actualpoints:
------------------------------+---------------------------------------------
Comment(by sekesey):
Replying to [comment:5 mikeperry]:
> We've had to rely on direct patches to Firefox even to preserve basic
proxy security. This makes it unsafe to attempt to use any non-TBB Firefox
at the moment. See:
> https://www.torproject.org/projects/torbrowser/design/#proxy-obedience
and
> https://www.torproject.org/projects/torbrowser/design/#firefox-patches
Thats awfully bad. Are they aware about this, like, are any of these
reported on bugzilla? If not i could do that. But, coming from
TorButton/TorBrowser Dev-team might get more attention rather than just a
newbie account reporting them. But, i can if you want.
Its weird how Firefox keeps rolling out new versions so fast, but is not
concerned about basic security issues. FF 19 now comes with WebRTC which
is great, but with security flaws it ruins it. Their are even talks about
syncing & strongly integrating plugin SDK releases with FF release v21
(May2013) onwards. And, the plugin sdk will lack backward compatibility
with older FF versions.
It will be beneficial for TB/TBB if the patches are done upstream, as they
will also get incorporated in future builds of FF. Otherwise, patching
newer versions of FF will get more & more difficult.
http://www.h-online.com/open/news/item/Firefox-s-Add-on-SDK-future-mapped-
out-1813367.html
So, along with the fund raiser campaign, there is pressing need to make
people aware that Firefox(& derivatives) is not a safe browser. If public
awareness increases, Firefox dev-team will be obligated to patch these
serious security flaws directly into the main code. That would be helpful
to a very large set of users and will also make it possible to just
require to maintain the TorButton (instead of whole Browserbundle). Or,
maybe if all flaws are fixed, there wont be even need for plugin, changing
proxy setting would be enough.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8342#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs