[tor-talk] 2.2.35-11, TBB Linux: network.websocket.enabled = true, why?
ming at tormail.org
ming at tormail.org
Mon May 7 05:30:40 UTC 2012
With this blog entry:
https://blog.torproject.org/blog/new-tor-browser-bundles-security-release
It claims 2.2.35-11 fixes a problem posted here:
https://blog.torproject.org/blog/firefox-security-bug-proxy-bypass-current-tbbs
With Tor Browser Bundle (2.2.35-11); suite=linux installed, I read where it
was fixed in the changelog:
From: ~/tor-browser_en-US/Docs/changelog:
* New Firefox patches:
- Prevent WebSocket DNS leak (closes: #5741)
But when running this new bundle version, network.websocket.enabled
remains set at true.
How was this patched when the value remains set as true? Shouldn't the
above value now be set at false?
The former blog post, prior to the recent release, states:
"To fix this dns leak/security hole, follow these steps:
Type “about:config” (without the quotes) into the Firefox URL bar. Press
Enter.
Type “websocket” (again, without the quotes) into the search bar that
appears below "about:config".
Double-click on “network.websocket.enabled”. That line should now show
“false” in the ‘Value’ column."
Unless this was patched elsewhere in the browser (if so, where?) how has
Tor Browser Bundle (2.2.35-11); suite=linux
been patched to resolve this issue when the same field,
“network.websocket.enabled” appears as true in this new release?
More information about the tor-talk
mailing list