[tor-bugs] #17895 [Applications/Tor Browser]: Tor Browser Bundle installer subject to DLL hijacking
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Apr 18 04:16:16 UTC 2016
#17895: Tor Browser Bundle installer subject to DLL hijacking
-------------------------------------------------+-------------------------
Reporter: ericlaw | Owner: tbb-
Type: defect | team
Priority: High | Status: new
Component: Applications/Tor Browser | Milestone:
Severity: Major | Version:
Keywords: tbb-gitian, tbb-security, | Resolution:
GeorgKoppen201604, TorBrowserTeam201604 | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by dcf):
Replying to [comment:16 anon]:
> Is this blocked on upstream NSIS 2.49, NSIS 3.x update, lacking dev
time, or something else?
I think it's blocked on dev time.
If you're a developer, you can try and make a patch. Here is the guide to
working on the Tor Browser build system:
https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Hacking.
It [https://gitweb.torproject.org/builders/tor-browser-
bundle.git/tree/gitian/descriptors/windows/gitian-
bundle.yml?id=tbb-6.0a4-build1 looks like] the build system is using the
[http://packages.ubuntu.com/precise/nsis nsis package from Ubuntu
precise], so you might have to find a way to instead use a backported more
recent version, or build from source.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17895#comment:17>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list