[tor-bugs] #18017 [Tor Browser]: Switch to NSS to mitigate SLOTH attack (CVE-2015-7575)

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Jan 7 20:02:04 UTC 2016

#18017: Switch to NSS to mitigate SLOTH attack (CVE-2015-7575)
     Reporter:  gk       |      Owner:  tbb-team
         Type:  task     |     Status:  new
     Priority:  Very     |  Milestone:
  High                   |    Version:
    Component:  Tor      |   Keywords:  tbb-security, TorBrowserTeam201601,
  Browser                |  tbb-5.5
     Severity:           |  Parent ID:
  Critical               |    Sponsor:
Actual Points:           |
       Points:           |
 Mozilla thinks backporting the fix for CVE-2015-7575 is not important
 enough and does not do it. I think giving our context we should do it,
 though. Let's try switching to NSS in the next release (end of

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18017>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list