[tor-talk] Reason Firefox version in TBB is so far behind?
Joe Btfsplk
joebtfsplk at gmx.com
Fri Aug 5 19:19:10 UTC 2011
On 8/2/2011 7:41 PM, Joe Btfsplk wrote:
> On 8/2/2011 7:10 PM, Andrew Lewman wrote:
>> On Tuesday, August 02, 2011 19:55:48 Joe Btfsplk wrote:
>>> Are there specific reasons for not using latest (or late-er) Firefox
>>> versions in Tor Browser Bundle? Is it primarily because the latest
>>> version doesn't always work w/ Tor& fixes must be developed for Tor to
>>> deal w/ that?
>> It's the latest udpated Firefox 3.6 branch. FF4 branch has been
>> killed and
>> replaced with 5. We have FF5 testing bundles. See
>> https://blog.torproject.org/blog/new-tor-browser-bundles-3.
> Thanks. I realize the latest stable TBB has FF 3.6. Is the reason
> for delay in updating to latest FF version always for testing - to see
> if Tor works properly?
> Firefox versions used in stable TBB have always run behind the latest
> FF release - sometimes several versions. This may well be unavoidable
> for TBB developers. My original question - how does this affect the
> security of TBB users?
> _______________________________________________
>
No comments on security implications of using a Firefox version in TBB,
that isn't up to date with security fixes (sometimes not even close)?
I'm grateful for the work done to create TBB, but the mantra of security
experts has always been, "ALWAYS keep your browser / OS updated w/
security patches."
As said, it may be unavoidable (currently) for TBB developers to
integrate new FF versions quickly, but surely I'm not the 1st to wonder
about security issues of using old browser versions.
The testing bundles Andrew mentioned are fine for, well... testing, but
not for general users. It's a long way & many fixes, from Firefox 3.6
to 5.0 / 5.0.1.
More information about the tor-talk
mailing list