[tbb-bugs] #12736 [Tor Browser]: DLL hijacking vulnerability in TBB

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Aug 7 04:54:20 UTC 2014


#12736: DLL hijacking vulnerability in TBB
-----------------------------+--------------------------
     Reporter:  underdoge    |      Owner:  tbb-team
         Type:  defect       |     Status:  new
     Priority:  major        |  Milestone:
    Component:  Tor Browser  |    Version:
   Resolution:               |   Keywords:  tbb-security
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+--------------------------

Comment (by mikeperry):

 Is it our use of the Portable-App style directory layout (where we reset
 env vars for PATH) that triggers this?

 If not, what else does vanilla Firefox do that makes them not vulnerable
 to this attack?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12736#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list