[tor-bugs] #4234 [Tor Browser]: Investigate the Firefox update process

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Aug 26 01:59:51 UTC 2014


#4234: Investigate the Firefox update process
-------------------------+-------------------------------------------------
     Reporter:           |      Owner:  mcs
  mikeperry              |     Status:  accepted
         Type:  task     |  Milestone:  TorBrowserBundle 2.3.x-stable
     Priority:  major    |    Version:
    Component:  Tor      |   Keywords:  tbb-bounty, tbb-usability,
  Browser                |  pantheon, chronos, tbb-firefox-
   Resolution:           |  patch,TorBrowserTeam201408,MikePerry201408R
Actual Points:           |  Parent ID:
       Points:           |
-------------------------+-------------------------------------------------

Comment (by mikeperry):

 Ok, I took a look at this, and overall it looks good. I have two questions
 though:

 In browser/installer/removed-files.in, it looks like you deleted
 msvcr100.dll. What is the effect of this and why was it done? Does it
 exclude that file from removal/update?

 In toolkit/mozapps/update/updater/updater.cpp get_valid_path(), it looks
 like you allow symlink updates to specify paths in parent directories? Do
 we need to be worried about this? Can it be used by a rogue/broken MAR
 file to create symlinks outside of the TBB directory?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4234#comment:36>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list