So I've tracked down the root of the problem here: we're not currently building nor packaging wow_helper.exe with Tor Browser. This exe is a necessary part of the sandbox init process for Vista (but not newer Windows OSes)
I'm able to build locally with mingw via:
x86_64-w64-mingw32-g++ -m64 -municode -static -static-libgcc -static-libstdc++ -I../../.. *.cc -o wow_helper.exe
Dropping that exe into the Browser folder lets sandbox'd tabs work once more!
That said, getting this building with FF's build system and also updating RBM to work with the new dependencies requires some specialized knowledge I don't currently have, so any pointers on this front would be great.
Just spit-balling, but the main hurdles as I see them are as follows:
- firefox : wow_helper is built with special Makefile.in configuration file which temporarily overwrites the CXX, LIB and friends to point to the 64-bit MSVC compiler toolchain. We can probably do a similar thing here with x86_64-w64-mingw32-g++
- rbm : need to update the docker image to install the x86_64 version of the mingw toolchain.
- tor-browser : will need to update the nsis installer and possibly other things to properly include and deploy the wow_helper.exe
However, Chromium removed this entire code path back in 2016 when they dropped support for XP and Vista, and somewhere between version 52.6 and latest this code path was also removed in Firefox. So, depending on the timeline for updating Tor Browser to latest, we may just want to ignore this issue just do a simpler code patch that disables sandboxing all together for those under Windows 7.
best, -Richard