Torbutton 1.2.0rc1 released
kyle.kwilliams at gmail.com
Tue Jun 3 23:03:55 UTC 2008
Thank you Mike! Your hard work is appreciated by many.
On Tue, Jun 3, 2008 at 4:00 PM, Mike Perry <mikeperry at fscked.org> wrote:
> The first release candidate for the next stable series of the
> security-enhanced Torbutton Firefox extension has been released. This
> release features functional support for Firefox 3. However, this
> support has not been extensively tested. In particular, timezone
> masking does not work at all. The workaround is to manually set the
> environment variable 'TZ' to 'UTC' before starting Firefox. This works
> on both Linux and Windows.
> Firefox 3 users should keep a close eye on Torbutton. In particular,
> the new Places history database code is connected to all sorts of
> different parts of the browser, and it is unknown if 'disabling
> history' actually prevents disk writes for many parts of its database.
> It is also possible this code may perform strange network accesses at
> odd times as well (the 'Livemarks' code is one case of this that has
> known issues). Please keep an eye on your Vidalia window. Adventurous
> users can also run wireshark, and/or help with the disk access
> auditing by running Process Monitor on their Windows systems:
> A list of other Firefox bugs known to impact Torbutton security can be
> found at: https://torbutton.torproject.org/dev/design/#FirefoxSecurity
> Here is the complete changelog for 1.2.0rc1:
> * general: FF3 should now be functional, but timezone masking is not
> * bugfix: Fix Places/history component hooking in FF3
> * bugfix: Disable Places database in FF3 via browser.history_expire_days=0
>   if history writes are disabled.
> * bugfix: General component hooking fixes for FF3
> * bugfix: Block favicon leaking in FF3
> * bugfix: Enable safebrowsing updates in FF3 (it's finally HMACd. Yay).
> * bugfix: Use Greg Fleischer's new useragent prefs in FF3.
> * bugfix: Properly reset cookie lifetime policy when user changes
>   cookie handling options.
> * bugfix: Fix 'Restore defaults' button issues with custom proxy settings
> * bugfix: navigator.oscpu hooking was broken in 1.1.18
> * bugfix: Try to prevent alleged 0x0 windows on crash recovery
> * bugfix: Attempt to block livemarks updates during Tor. Only
>   partial fix. Not possible to cancel existing Livemarks timer (one fetch
>   will still happen via Tor before disable). See Firefox Bug 436250
> * misc: Set plugin.disable_full_page_plugin_for_types for all plugin
>   mimetypes just in case our custom full page blocking code fails
> Mike Perry
> Mad Computer Scientist
> fscked.org evil labs