[tor-bugs] #19976 [HTTPS Everywhere/EFF-HTTPS Everywhere]: HTTPS Everywhere tries to load a library with an empty name
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Aug 25 11:55:34 UTC 2016
#19976: HTTPS Everywhere tries to load a library with an empty name
-------------------------------------------------------+------------------
Reporter: boklm | Owner: jsha
Type: defect | Status: new
Priority: Medium | Milestone:
Component: HTTPS Everywhere/EFF-HTTPS Everywhere | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
-------------------------------------------------------+------------------
The `NSS.initialize` function, called from `src/components/ssl-
observatory.js` with an empty argument, is trying to load a library with
an empty name.
This is possibly causing a DLL hijacking vulnerability in Tor Browser (see
#12736).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19976>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list