[tbb-dev] Tag: sandboxed-tor-browser-0.0.12

Yawning Angel yawning at schwanenlied.me
Tue Aug 1 20:53:03 UTC 2017


Hello,

I tagged sandboxed-tor-browser 0.0.12 just now.

Changes in version 0.0.12 - 2017-08-01:

 * Bug 22969: Disable the addon blocklist.
 * Bug 22984: Force IDNs to be displayed as punycode to thwart homograph
              attacks.
 * Bug 22967: Force disable crashdump reporting.
 * Bug 23058: Apply the SelfRando workaround to 7.5a3 as well.
 * Default disable `dom.securecontext.whitelist_onions`.

Rationale for the potentially controversial changes is as follows:

 * Disabling the addon blocklist is done to thwart Mozilla from
   attempting to disable extensions critical to Tor Browser
   functionality.

   While this would have a net negative impact on user security if
   non-standard addons had security problems that required emergency
   disabling, the sandbox was changed to exclude non-standard addons
   when creating the container as of 0.0.11.

   Enabling non-standard addons in the sandbox would require altering
   the source code and rebuilding.  Anyone who does that is on their
   own.

 * Forcing IDNs to be displayed as punycode is the mitigation for
   #21961.  Mozilla isn't fixing this, the Tor Browser developers are
   apparently busy, so the sandbox will do it.

 * Force disabling crashdump reporting is a pre-emptive opt out from
   the GSOC crash reporting project.  I do not have time to examine how
   crash dumps are sanitized, and until I do, I will treat them as
   a massive anonymity hazard.

   Till crashdumps are enabled (hopefully as an opt-in with lots of
   warning labels), this will have no effect.

 * Default disabling `dom.securecontext.whitelist_onions` means that
   unless the user manually flips the pref, the `.onion` TLD will
   retain the existing 7.0.x behavior.

   As I've said before, I'm firmly against any changes that blur the
   line between Onion Services and TLS with a CA signed cert.  People
   are free to disagree, but I'm unlikely to change my mind.

   Till the pref is actually implemented, this will have no effect.

Regards,

-- 
Yawning Angel
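
The following is an added example, not part of the original message and not code from sandboxed-tor-browser. It illustrates the Bug 22984 item: forcing the ASCII (punycode) form makes a look-alike hostname visibly different, including an all-one-script label that a mixed-script heuristic would not flag. The hostnames are constructed samples, and `mixed_script_check` is a hypothetical heuristic written for contrast, not Firefox's actual IDN display algorithm.

```python
import unicodedata

# Constructed sample hostnames (not taken from the original message).
ASCII_HOST = "example.com"
MIXED = "ex\u0430mple.com"                         # Cyrillic "а" inside a Latin label
WHOLE_SCRIPT = "\u0441\u043e\u0441\u043e.example"  # all-Cyrillic label resembling "coco"


def forced_punycode(host: str) -> str:
    """Return the ASCII (A-label) form, i.e. what is shown when Unicode display is off."""
    # Python's built-in "idna" codec implements IDNA 2003 (nameprep + punycode).
    return host.lower().encode("idna").decode("ascii")


def scripts(label: str) -> set:
    """Scripts used by the letters of a label, derived from Unicode character names."""
    return {unicodedata.name(ch).split()[0] for ch in label if ch.isalpha()}


def mixed_script_check(host: str) -> bool:
    """Hypothetical heuristic: True if any single label mixes more than one script."""
    return any(len(scripts(label)) > 1 for label in host.split("."))


def report(hosts):
    """Return (punycode display form, flagged by heuristic) for each hostname."""
    return [(forced_punycode(h), mixed_script_check(h)) for h in hosts]


if __name__ == "__main__":
    for host in (ASCII_HOST, MIXED, WHOLE_SCRIPT):
        shown, flagged = report([host])[0]
        print(f"unicode={host!r:24} punycode={shown:28} mixed-script={flagged}")
```

Run as a script, it prints one row per hostname: the plain ASCII name is unchanged, while both look-alikes turn into `xn--` labels, and only the mixed-script one is caught by the heuristic.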