[tor-talk] Security in Tor Browser related to Firefox ESR
Rick
rerushg at gmail.com
Thu Feb 6 11:18:32 UTC 2014
On 02/06/2014 02:05 AM, Soul Plane wrote:
> Yesterday I received a security alert that Firefox ESR was updated to 24.3.
> http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
>
> I am wondering if since Tor Browser is based on Firefox ESR it is now
> subject to security vulnerabilities? When you release the Tor Browser
> Bundle do you identify the version (24.2, 24.3,etc) of Firefox that it is
> based on?
>
> When Firefox patches vulnerabilities in the ESR product and makes a new
> release do you do the same? I took a look at the git for Tor Browser and I
> can't tell whether or not it integrates whatever changes are in Firefox
> 24.3.
>
> Thanks
New releases are announced here and in the website blog. Changes are
mentioned and a link to the changelog is provided. That shows that we've
been in 24.2 since mid-December and 24.3 will appear with TBB 3.5.2, due
for release within the next week or so (I presume).
Are we 'now subject to security vulnerabilities'? Sure! And we'll be
subject to the yet-unknown vulnerabilities of 24.3 when it's released in
TBB. It's a work in progress.
More information about the tor-talk
mailing list