[tor-bugs] #10946 [Applications/Tor Messenger]: Security configuration of Instantbird
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Nov 5 17:03:05 UTC 2016
#10946: Security configuration of Instantbird
----------------------------------------+-------------------------
Reporter: sukhbir | Owner: sukhbir
Type: task | Status: closed
Priority: Medium | Milestone:
Component: Applications/Tor Messenger | Version:
Severity: Normal | Resolution: fixed
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
----------------------------------------+-------------------------
Changes (by arlolra):
* status: assigned => closed
* resolution: => fixed
* severity: => Normal
Old description:
> - Disable Instantbird's auto-updater and crash reporter
> - OTR is enabled by default and other non-OTR communication is disabled
> entirely
> - CA verification: TOFU? Pinning?
> - Disable older TLS/SSL suites
> - Ensure that all plugins are disabled (Java, Flash)
> - Ensure that there is a whitelist of the most popular Instantbird
> extensions that we have to check to see if they could introduce leaks
New description:
- ~~Disable Instantbird's auto-updater and crash reporter~~
- ~~OTR is enabled by default and other non-OTR communication is disabled
entirely~~
- CA verification: TOFU? Pinning?
- ~~Disable older TLS/SSL suites~~
- ~~Ensure that all plugins are disabled (Java, Flash)~~
- Ensure that there is a whitelist of the most popular Instantbird
extensions that we have to check to see if they could introduce leaks
--
Comment:
The majority of this is done (or no longer applicable re:updater).
Closing in favour of more specific / actionable tickets, where necessary.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10946#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list