[tor-reports] September 2016 Report for the Tor Browser Team
Georg Koppen
gk at torproject.org
Tue Oct 4 10:48:00 UTC 2016
Hi all,
In September the Tor Browser team made three releases: Tor Browser
6.0.5[1], 6.5a3[2], and 6.5a3-hardened[3].
Tor Browser 6.0.5 got released ahead of schedule on September 16 to fix
a public security vulnerability in Firefox[4] that affected Tor Browser
as well. Additionally, with the switch to ESR 45.4.0 Tor Browser 6.0.5
closed a number of other serious Firefox vulnerabilities[5].
Furthermore, we included an updated Tor version (0.2.8.7) and
HTTPS-Everywhere 5.2.4 + minor enhancements and bug fixes.
The alpha releases (6.5a3 and 6.5a3-hardened) contain a number of
improvements in addition to those that made it into Tor Browser 6.0.5.
Noteworthy enhancements are unix domain socket support for Tor Browser
(on Linux and OS X a unix domain socket is used for controller <-> tor
connections by default)[6] and moving the Referer spoofing for .onion
domains out of Torbutton into Firefox code[7].
Apart from the above mentioned releases we mainly worked on SponsorU
related tickets and helped Mozilla upstreaming our patches. The full
list of tickets closed by the Tor Browser team in September is
accessible using the TorBrowserTeam201609 tag in our bug tracker[8].
For October no releases are scheduled. Rather, we intend to focus on our
remaining SponsorU tasks[9] and plan to address the unix domain socket
and signing related bugs that got uncovered by our alpha
releases[10][11][12]. If there is time to address further bug reports
and enhancement requests the tickets being on our radar for this month
can be seen with the TorBrowserTeam201610 tag in our bug tracker[13].
Georg
[1] https://blog.torproject.org/blog/tor-browser-605-released
[2] https://blog.torproject.org/blog/tor-browser-65a3-released
[3] https://blog.torproject.org/blog/tor-browser-65a3-hardened-released
[4] http://seclists.org/dailydave/2016/q3/51
[5] https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
[6] See: https://bugs.torproject.org/14270 and closed child tickets
14271, 14272, and 14273.
[7] https://bugs.torproject.org/17334
[8]
https://trac.torproject.org/projects/tor/query?status=closed&keywords=~TorBrowserTeam201609
[9]
https://trac.torproject.org/projects/tor/query?keywords=~TorBrowserTeam201610&sponsor=SponsorU&order=priority
[10] https://bugs.torproject.org/20210
[11] https://bugs.torproject.org/20185
[12] https://bugs.torproject.org/20182
[13]
https://trac.torproject.org/projects/tor/query?keywords=~TorBrowserTeam201610
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-reports/attachments/20161004/370731be/attachment.sig>
More information about the tor-reports
mailing list