[tor-bugs] #16514 [Tor Browser]: Tor Browser reset?

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Jul 7 13:31:46 UTC 2015


#16514: Tor Browser reset?
-------------------------+--------------------------
 Reporter:  ioerror      |          Owner:  tbb-team
     Type:  defect       |         Status:  new
 Priority:  critical     |      Milestone:
Component:  Tor Browser  |        Version:
 Keywords:  security     |  Actual Points:
Parent ID:               |         Points:
-------------------------+--------------------------
 I had a tor-browser-linux64-4.0.2_en unpacked and unused for a few months.
 I hoped to start it and then update it. This failed in a spectacular
 manner - I started it, it warned me that it was out of date - update was
 only by redirection to a download page. While downloading the browser, I
 noticed a prompt in the bottom of the browser window. It said something to
 the effect of "you haven't run Tor Browser in a while, clean up?" - this
 is when all hell broke loose. My profile was wiped and a new browser
 window popped up - looked very different. I closed it. Attempting to start
 Tor Browser after this point was impossible - it left me in a corrupt
 state.

 I think the new browser was likely configured to not use Tor - so this is
 possibly a spectacular failure. I didn't test but it should be possible to
 repro by setting the clock backwards, unpacking the right version of
 torbrowser, setting the clock to today and clicking on the cleanup button.

 Lunar suggests we need to do something with the browser.disableResetPrompt
 option.

 This is another example where having UnixSocket for SOCKS transport and a
 properly sandboxed browser would have saved us, I think. Then even if
 firefox is reconfigured, it fails closed.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16514>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list