[tor-bugs] #16744 [Tor Browser]: Update TBB to ESR 38.1.1 (MFSA2015-78, CVE-2015-4495) - exploited in the wild
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Aug 9 22:14:11 UTC 2015
#16744: Update TBB to ESR 38.1.1 (MFSA2015-78, CVE-2015-4495) - exploited in the
wild
-----------------------------+----------------------------------------
Reporter: cypherpunks | Owner: tbb-team
Type: defect | Status: new
Priority: critical | Milestone:
Component: Tor Browser | Version:
Resolution: | Keywords: MFSA2015-78, CVE-2015-4495
Actual Points: | Parent ID:
Points: |
-----------------------------+----------------------------------------
Comment (by cypherpunks):
https://twitter.com/wiretapped/status/630438666708627458 says the in-the-
wild malicious payload described in the mozilla blog is now public here:
https://pastebin.ubuntu.com/12030863/ and recommends setting
```pdfjs.disable```.
will that protect against this vulnerability?
has anyone considered building a (secure, auditable, etc) mechanism for
pushing out emergency configuration patches? there have been instructions
for mitigating many recent firefox bugs with about:config settings.
couldn't those be deployed automatically in a much more timely fashion
than tor browser updates?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16744#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list