[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Reason Firefox version in TBB is so far behind?



On 8/2/2011 7:41 PM, Joe Btfsplk wrote:
On 8/2/2011 7:10 PM, Andrew Lewman wrote:
On Tuesday, August 02, 2011 19:55:48 Joe Btfsplk wrote:
Are there specific reasons for not using latest (or late-er) Firefox
versions in Tor Browser Bundle?  Is it primarily because the latest
version doesn't always work w/ Tor&  fixes must be developed for Tor to
deal w/ that?
It's the latest udpated Firefox 3.6 branch. FF4 branch has been killed and
replaced with 5.  We have FF5 testing bundles. See
https://blog.torproject.org/blog/new-tor-browser-bundles-3.
Thanks. I realize the latest stable TBB has FF 3.6. Is the reason for delay in updating to latest FF version always for testing - to see if Tor works properly? Firefox versions used in stable TBB have always run behind the latest FF release - sometimes several versions. This may well be unavoidable for TBB developers. My original question - how does this affect the security of TBB users?
_______________________________________________

No comments on security implications of using a Firefox version in TBB, that isn't up to date with security fixes (sometimes not even close)? I'm grateful for the work done to create TBB, but the mantra of security experts has always been, "ALWAYS keep your browser / OS updated w/ security patches."

As said, it may be unavoidable (currently) for TBB developers to integrate new FF versions quickly, but surely I'm not the 1st to wonder about security issues of using old browser versions. The testing bundles Andrew mentioned are fine for, well... testing, but not for general users. It's a long way & many fixes, from Firefox 3.6 to 5.0 / 5.0.1.
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk