[tor-bugs] #31019 [Applications/Tor Browser]: Investigate update on Windows via BITS

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Jun 28 10:53:50 UTC 2019


#31019: Investigate update on Windows via BITS
------------------------------------------+------------------------------------------------------
     Reporter:  gk                        |      Owner:  tbb-team
         Type:  task                      |     Status:  new
     Priority:  Medium                    |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Normal                    |   Keywords:  ff68-esr, tbb-update, tbb-proxy-bypass
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
------------------------------------------+------------------------------------------------------
 It seems there is a new update method coming for Windows users with
 Firefox 68 ESR, called BITS (Background Intelligent Transfer Service),
 which is a Windows component. [1] The marketing promise is that
 "This change will allow Firefox to continue downloading an update
 after Firefox has been closed." [2], which seems to be dangerous in the
 Tor Browser context.

 There is a pref we can flip, though, to use the older internal updater [3].
 However, we should make sure the potential proxy bypass I am seeing here
 is actually mitigated by that.

 [1] https://www.ghacks.net/2019/06/24/firefox-will-use-bits-on-windows-for-updates-going-forward/
 [2] https://groups.google.com/forum/#!topic/mozilla.dev.platform/PCzoYCfi_fk
 [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1553977

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31019>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

