[tor-bugs] #17895 [Applications/Tor Browser]: Tor Browser Bundle installer subject to DLL hijacking
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Apr 19 20:11:27 UTC 2016
#17895: Tor Browser Bundle installer subject to DLL hijacking
-------------------------------------------------+-------------------------
Reporter: ericlaw | Owner: boklm
Type: defect | Status:
Priority: High | assigned
Component: Applications/Tor Browser | Milestone:
Severity: Major | Version:
Keywords: tbb-gitian, tbb-security, | Resolution:
TorBrowserTeam201604 | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by anon):
Thank you for the detailed reply!
I have not dug into the details of Tor Browser GUI -> Open Menu -> Options
-> Advanced -> Update [auto update enabled by default].
Does the Firefox update process use this installer wrapper? perhaps with
special parameters? Or is this upgrade path completely unaffected...
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17895#comment:21>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list