Torbutton 1.2.0rc1 released

Kyle Williams kyle.kwilliams at gmail.com
Tue Jun 3 23:03:55 UTC 2008


Thank you Mike!  Your hard work is appreciated by many.

- Kyle


On Tue, Jun 3, 2008 at 4:00 PM, Mike Perry <mikeperry at fscked.org> wrote:

> The first release candidate for the next stable series of the
> security-enhanced Torbutton Firefox extension has been released. This
> release features functional support for Firefox 3. However, this
> support has not been extensively tested. In particular, timezone
> masking does not work at all. The workaround is to manually set the
> environment variable 'TZ' to 'UTC' before starting Firefox. This works
> on both Linux and Windows.
>
> Firefox 3 users should keep a close eye on Torbutton. In particular,
> the new Places history database code is connected to all sorts of
> different parts of the browser, and it is unknown if 'disabling
> history' actually prevents disk writes for many parts of its database.
> It is also possible this code may perform strange network accesses at
> odd times as well (the 'Livemarks' code is one case of this that has
> known issues). Please keep an eye on your Vidalia window. Adventurous
> users can also run wireshark, and/or help with the disk access
> auditing by running Process Monitor on their Windows systems:
> http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
>
> A list of other Firefox bugs known to impact Torbutton security can be
> found at: https://torbutton.torproject.org/dev/design/#FirefoxSecurity
>
> Here is the complete changelog for 1.2.0rc1:
>  * general: FF3 should now be functional, but timezone masking is not
>   operational
>  * bugfix: Fix Places/history component hooking in FF3
>  * bugfix: Disable Places database in FF3 via browser.history_expire_days=0
>   if history writes are disabled.
>  * bugfix: General component hooking fixes for FF3
>  * bugfix: Block favicon leaking in FF3
>  * bugfix: Enable safebrowsing updates in FF3 (it's finally HMACd. Yay).
>  * bugfix: Use Greg Fleischer's new useragent prefs in FF3.
>  * bugfix: Properly reset cookie lifetime policy when user changes
>   cookie handling options.
>  * bugfix: Fix 'Restore defaults' button issues with custom proxy settings
>  * bugfix: navigator.oscpu hooking was broken in 1.1.18
>  * bugfix: Try to prevent alleged 0x0 windows on crash recovery
>  * bugfix: Attempt to block livemarks updates during Tor. Only
>   partial fix. Not possible to cancel existing Livemarks timer (one fetch
>   will still happen via Tor before disable). See Firefox Bug 436250
>  * misc: Set plugin.disable_full_page_plugin_for_types for all plugin
>   mimetypes just in case our custom full page blocking code fails
>
>
> --
> Mike Perry
> Mad Computer Scientist
> fscked.org evil labs
>