[tor-bugs] #7085 [Tor bundles/installation]: Integrate Cryptocat Browser Extension into Tor Browser Bundle
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Nov 22 21:04:26 UTC 2012
#7085: Integrate Cryptocat Browser Extension into Tor Browser Bundle
--------------------------------------+-------------------------------------
Reporter: kaepora | Owner: erinn
Type: enhancement | Status: new
Priority: normal | Milestone: TorBrowserBundle 2.2.x-stable
Component: Tor bundles/installation | Version: Tor: unspecified
Keywords: | Parent:
Points: | Actualpoints:
--------------------------------------+-------------------------------------
Comment(by kaepora):
Replying to [comment:19 mikeperry]:
> kaepora: Is there a tag in your bugtracker so we can look over the bugs
found as a result of the audit?
The full audit report is available for download here:
https://blog.crypto.cat/wp-content/uploads/2012/11/Cryptocat-2-Pentest-
Report.pdf
>
> Also, if NSS is only used as a source of random bytes, you should
consider using https://developer.mozilla.org/en-
US/docs/XPCOM_Interface_Reference/nsIRandomGenerator. It uses NSS's PRNG
underneath. The reason to avoid jsctypes is because it increases the
vulnerability surface for sandboxed TBBs. We're pondering removing it if
we ever get a working sandbox (see #6152).
Thanks for this. Looks interesting and potentially beneficial. I will test
to see if we can implement it within our framework and let you know.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7085#comment:21>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list