[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Torbutton 1.1.17-alpha released

To: or-talk@xxxxxxxxxxxxx
Subject: Torbutton 1.1.17-alpha released
From: Mike Perry <mikeperry@xxxxxxxxxx>
Date: Mon, 17 Mar 2008 12:40:26 -0700
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Mon, 17 Mar 2008 15:40:35 -0400
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Mutt/1.4.2.2i

The 1.1.17 alpha release of the Torbutton Firefox extension is out.
Those of you who have installed 1.1.14 or later can upgrade by going
to the Firefox 'Addons' Menu and clicking 'Check for Updates'. 
Otherwise, download a copy via: https://torbutton.torproject.org/dev/

The major enhancements include less annoying (I hope) window
resizing, fixes for installed extension/chrome disclosure issues,
and application of the javascript hooks to javascript: urls.


***NOTE***: The Date hooks are still unmaskable, which means a
determined adversary still can get access to your real timezone.

If concealing your timezone is important to you (and you subscribe to
the 'Just because you're paranoid doesn't mean they AREN'T after you'
school of thoughti :), you can achieve protection against an active
adversary under Linux by setting the TZ environment variable to 'UTC'
before launching Firefox. I have not tested if this (or an equivalent
variable) works for Windows or MacOS. It would be nice if someone who
uses those systems regularly could let me know so I can update the
website documentation. You can check by visiting
http://gemal.dk/browserspy/date.html with Tor disabled.


Other than that, I think we are starting to get close to a stable
release. The next release will probably be 1.2.0-rc.


Here's the changelog for 1.1.17 and 1.1.16 (since I skipped the
announcement for 1.1.16):

1.1.7
  15 Mar 2008
  * bugfix: Improve chrome disclosure protection (patch from Greg
    Fleischer)
  * bugfix: Block network access from file urls to workaround Firefox
    'Content-Disposition' file stealing attack (found/fixed by Greg)
  * bugfix: Apply Javascript hooks to javascript: urls (found by Greg)
  * bugfix: Improve Torbutton chrome concealment (found by Greg)
  * bugfix: Use 127.0.0.1 instead of localhost for IPv6 users
  * bugfix: Don't resize maximized windows
  * misc: Improve window resizing to only resize on document load,
    and to try to address drift by remembering window sizes
  * misc: Clear session history if clear history on tor toggle is set
  * new: Remove history hooks in favor of nsISHistoryListeners that
    prevent history navigation from alternate Tor states

1.1.16
  03 Mar 2008
  * bugfix: Fix yet more javascript unmasking issues found by Greg.
    Date is still unmaskable.
  * bugfix: Close tabs *before* toggling proxy settings if pref is
    set.
  * bugfix: Fix a couple exceptions thrown on resizing and plugin
    canceling




-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs

Attachment: pgp95k6VV0xUr.pgp
Description: PGP signature

Follow-Ups:
- Re: Torbutton 1.1.17-alpha released
  - From: bao song

Prev by Author: Re: Tor and Firefox 3
Next by Author: Tor Project accepted to Google Summer of Code 2008!
Previous by thread: Re: [ANN] Vidalia and Mixminion repository for ubuntu
Next by thread: Re: Torbutton 1.1.17-alpha released
Index(es):
- Author
- Thread