[tor-talk] 2.2.35-11, TBB Linux: network.websocket.enabled = true, why?
ming at tormail.org
ming at tormail.org
Mon May 7 05:30:40 UTC 2012
With this blog entry:
https://blog.torproject.org/blog/new-tor-browser-bundles-security-release
It claims 2.2.35-11 fixes a problem posted here:
https://blog.torproject.org/blog/firefox-security-bug-proxy-bypass-current-tbbs
With Tor Browser Bundle (2.2.35-11); suite=linux installed, I read where it
was fixed in the changelog:
From: ~/tor-browser_en-US/Docs/changelog:
* New Firefox patches:
- Prevent WebSocket DNS leak (closes: #5741)
But when running this new bundle version, network.websocket.enabled
remains set at true.
How was this patched when the value remains set as true? Shouldn't the
above value now be set at false?
The former blog post, prior to the recent release, states:
"To fix this dns leak/security hole, follow these steps:
Type about:config (without the quotes) into the Firefox URL bar. Press
Enter.
Type websocket (again, without the quotes) into the search bar that
appears below "about:config".
Double-click on network.websocket.enabled. That line should now show
false in the Value column."
Unless this was patched elsewhere in the browser (if so, where?) how has
Tor Browser Bundle (2.2.35-11); suite=linux
been patched to resolve this issue when the same field,
network.websocket.enabled appears as true in this new release?
More information about the tor-talk
mailing list