[tbb-bugs] #19657 [Applications/Tor Browser]: ASan detects heap buffer overflow in Tor Browser 6.5a1 Hardened
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Jul 10 20:41:57 UTC 2016
#19657: ASan detects heap buffer overflow in Tor Browser 6.5a1 Hardened
--------------------------------------+--------------------------
Reporter: cypherpunks | Owner: tbb-team
Type: defect | Status: new
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Major | Resolution:
Keywords: tbb-crash | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by cypherpunks):
I'm now quite confident this is caused by asmjs cache left over from the
previous TB version. Simply copying over an asmjs cache folder (tor-
browser/Browser/TorBrowser/Data/Browser/profile.default/storage/temporary/https+++www.facebook.com)
from a 6.0a5 hardened install to a 6.5a1 hardened install will trigger the
crash.
Updated steps to reproduce that work with totally fresh installs:
1. Install Tor Browser 6.0a5-hardened (the version before the current
version)
2. Navigate to https://www.facebook.com/messages/ (logging into a Facebook
account as required) and wait for it to fully load
3. Inside the Tor Browser, click the TorButton and initiate the automatic
update to 6.5a1 hardened
4. Restart the browser as requested
5. Again, navigate to https://www.facebook.com/messages/ and wait
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19657#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list