[tbb-bugs] #30141 [Applications/Tor Browser]: Double-check exoplayer library for vulnerabilities

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Apr 11 20:35:59 UTC 2019

#30141: Double-check exoplayer library for vulnerabilities
     Reporter:  gk                        |      Owner:  tbb-team
         Type:  task                      |     Status:  new
     Priority:  Medium                    |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Normal                    |   Keywords:  tbb-mobile
Actual Points:                            |  Parent ID:  #30139
       Points:                            |   Reviewer:
      Sponsor:                            |
 The exoplayer library currently used (r2.4.0) is rather old (latest stable
 is r2.9.6) and Mozilla has already found some defects with the help of
 coverity that should get fixed (see:
 https://bugzilla.mozilla.org/show_bug.cgi?id=1371247). There are potential
 security bugs that got fixed between r2.4.0 and r2.9.6 that we should pick
 up as well.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30141>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list