[tor-bugs] #16495 [Tor Browser]: Tor Browser 5.0a3 crashes with security level set to "High"

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Jul 24 07:17:01 UTC 2015


#16495: Tor Browser 5.0a3 crashes with security level set to "High"
-------------------------+-------------------------------------------------
     Reporter:  gk       |      Owner:  mcs
         Type:  defect   |     Status:  closed
     Priority:           |  Milestone:
  critical               |    Version:
    Component:  Tor      |   Keywords:  tbb-crash, TorBrowserTeam201507R,
  Browser                |  tbb-5.0a4
   Resolution:  fixed    |  Parent ID:
Actual Points:           |
       Points:           |
-------------------------+-------------------------------------------------
Changes (by mikeperry):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 Hrmm. Yes, this is deeply concerning. The patch looked OK to me on the
 surface so I merged it, but I agree that it seems impossible to be sure
 all of these conditions are met.

 It may be the case that we decide that disabling SVG increases the
 vulnerability surface more than leaving it enabled. Given that there were
 at least 3 explicitly named SVG vulns since Firefox 31 (and an known
 number of SVG-related "memory safety hazards") in the Mozilla security
 advisories, I don't think we're there yet, especially since this is the
 first UAF issue for us.

 If we hit another crash though, it might be time to reconsider. I spoke
 with Giorgio some time ago about this, and he did think there might be a
 way to do this via NoScript thanks to new web platform APIs, but I am also
 doubtful that would be substantially cleaner.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16495#comment:21>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

