[tor-bugs] #17895 [Applications/Tor Browser]: Tor Browser Bundle installer subject to DLL hijacking

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Apr 19 21:36:53 UTC 2016


#17895: Tor Browser Bundle installer subject to DLL hijacking
-------------------------------------------------+-------------------------
 Reporter:  ericlaw                              |          Owner:  boklm
     Type:  defect                               |         Status:
 Priority:  High                                 |  assigned
Component:  Applications/Tor Browser             |      Milestone:
 Severity:  Major                                |        Version:
 Keywords:  tbb-gitian, tbb-security,            |     Resolution:
  TorBrowserTeam201604                           |  Actual Points:
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by mcs):

 Replying to [comment:21 anon]:
 > Does the Firefox update process use this installer wrapper? perhaps with
 special parameters? Or is this upgrade path completely unaffected...

 The update process does not use an NSIS-based installer.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17895#comment:22>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list