[tor-bugs] #18017 [Tor Browser]: Switch to NSS 3.19.2.2 to mitigate SLOTH attack (CVE-2015-7575)
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jan 12 18:51:49 UTC 2016
#18017: Switch to NSS 3.19.2.2 to mitigate SLOTH attack (CVE-2015-7575)
-------------------------------------------------+-------------------------
Reporter: gk | Owner: tbb-
Type: task | team
Priority: Very High | Status:
Component: Tor Browser | needs_review
Severity: Critical | Milestone:
Keywords: tbb-security, | Version:
TorBrowserTeam201601R, tbb-5.5 | Resolution:
Parent ID: | Actual Points:
Sponsor: | Points:
-------------------------------------------------+-------------------------
Comment (by mcs):
r=mcs, r=brade
The patch looks OK (it matches the one Mozilla applied to Firefox 43.0.x).
This security advisory claims this was Firefox in the ESR 38.5.2 release
but looking at the Mozilla code, I do not think it was:
https://www.mozilla.org/en-US/security/advisories/mfsa2015-150/
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18017#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list