[tor-bugs] #16652 [Applications/Tor Browser]: Review vulnerability history from FF31 to FF45

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jul 6 12:06:59 UTC 2016 

#16652: Review vulnerability history from FF31 to FF45
-------------------------------------------------+-------------------------
 Reporter:  mikeperry                            |          Owner:  gk
     Type:  task                                 |         Status:  closed
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:  fixed
 Keywords:  tbb-security, GeorgKoppen201607,     |  Actual Points:
  TorBrowserTeam201607                           |         Points:
Parent ID:                                       |        Sponsor:
 Reviewer:                                       |  SponsorU
-------------------------------------------------+-------------------------
Changes (by gk):

 * status:  assigned => closed
 * resolution:   => fixed


Comment:

 Here are the combined results showing the affected components up to and
 including ESR45. Counted are sec-high and sec-crit rated vulnerabilities.
 Components with a single issue are omitted. Subcomponents are merged in
 almost all cases but are visible in the attached documents.

 JS (GC + Engine) 57
 JS JIT 30
 asm.js 3
 Grpahics 38
 DOM 35
 Audio/Video 28 (MSE 2)
 Web Audio 8
 OpenH264 5
 WebRTC 20
 Networking 14
 ImageLib 13
 Canvas (WebGL + 2D) 9
 Plugins 9
 NSS 8
 CSS Parsing and Computation 8
 Application Update 6
 SVG 4
 XPConnect 4
 XPCOM 4
 Document Navigation 3
 HTML: Parser 3
 Autocomplete 2
 NSPR 2
 XBL 2
 IPC 2
 Widget: Gtk 2

 Ca. 220 CVEs were looked at.

 One interesting find is the Graphics component with 38 vulnerabilities
 which is missing in the original iSEC report. Maybe that corresponds to
 the `Undetermined 5` or there just have not been any vulnerabilities in
 that time frame. Anyway, the bulk of those vulnerabilities is related to
 Graphite (more than 50% of the bugs found in this component are related to
 that library) which is why we have using that library disabled by default.

 Another notable find is that MSEs are affected, too, by critical bugs and
 should thus be part of our security slider treatment as well (see: #19200
 for the respective bug).

 Apart from that I think we are fine with our current security slider
 settings even though bugs related to it exist, e.g. #19210.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16652#comment:19>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list