7 Apr
2014
7 Apr
'14
9:27 p.m.
On Mon, Apr 07, 2014 at 04:52:05PM -0400, Tom Ritter wrote:
This is a server-side attack, so clients don't need to make any change,
Unless somebody is certain that the bug can't be triggered against Tor clients to have them send arbitrary memory to Tor relays (including, say, past stream history), it seems like we do indeed want new TBBs.
I agree that it appears Tor Browser (which is based on libnss) is unaffected.
--Roger