[tbb-bugs] #22041 [Applications/Tor Browser]: libmozsandbox.so error on Debian jessie amd64 after upgrading to 7.0a3

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Apr 24 23:04:06 UTC 2017

#22041: libmozsandbox.so error on Debian jessie amd64 after upgrading to 7.0a3
 Reporter:  dcf                                  |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:
                                                 |  assigned
 Priority:  Very High                            |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Critical                             |     Resolution:
 Keywords:  ff52-esr, tbb-7.0-must-alpha,        |  Actual Points:
  TorBrowserTeam201704                           |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:

Comment (by mcs):

 dcf – thanks for the files.
 Kathy and I have not been able to prove it yet, but our current theory is
 that there is an error in a patch we applied to the `backup_restore()`
 function within `toolkit/mozapps/update/updater/updater.cpp`. We added an
 `lstat` call but passed it the path of the original file (e.g., `/home/mcs
 /tor-browser_en-US/Browser/firefox`) instead of the path to the backup
 file that is supposed to be restored (`/home/mcs/tor-browser_en-
 US/Browser/firefox.moz-backup`). This will cause `backup_restore()` to
 return early and not restore the backed up file. Some files are
 successfully patched during the failed incremental update, so this bug
 causes the original (7.0a2) files to not be put back in place. We will try
 to confirm this tomorrow.

 We also need to think about the implications, e.g., how many people are
 affected? If we are correct in our analysis, this is not a new bug. But it
 is possible that older browsers managed to start up and run even with
 mixed up files. However, I find that somewhat unlikely, so maybe most
 people have left staged updates enabled (no .moz-backup files are needed
 in that case). Windows users are not affected because the code we added is
 there to support symlinks (OSX and Linux).

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22041#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list