[tor-bugs] #18017 [Tor Browser]: Switch to NSS to mitigate SLOTH attack (CVE-2015-7575)

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Jan 12 18:51:49 UTC 2016

#18017: Switch to NSS to mitigate SLOTH attack (CVE-2015-7575)
 Reporter:  gk                                   |          Owner:  tbb-
     Type:  task                                 |  team
 Priority:  Very High                            |         Status:
Component:  Tor Browser                          |  needs_review
 Severity:  Critical                             |      Milestone:
 Keywords:  tbb-security,                        |        Version:
  TorBrowserTeam201601R, tbb-5.5                 |     Resolution:
Parent ID:                                       |  Actual Points:
  Sponsor:                                       |         Points:

Comment (by mcs):

 r=mcs, r=brade
 The patch looks OK (it matches the one Mozilla applied to Firefox 43.0.x).

 This security advisory claims this was Firefox in the ESR 38.5.2 release
 but looking at the Mozilla code, I do not think it was:

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18017#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list