[tor-talk] Security in Tor Browser related to Firefox ESR

Soul Plane soulplane11 at gmail.com
Wed Feb 12 01:30:24 UTC 2014


Ok thanks. I checked the blog today and saw that 3.5.2 was released. I
didn't get any announcement. Why not announce the releases through
tor-announce? I'm subscribed to that but I didn't get any notice. Is there
a list or RSS feed where just releases are announced? I don't want a lot of
emails. I don't plan to stay subscribed to tor-talk (there are lots of
things that just don't concern me) but for now I am and I didn't get a
notice of the new release on this list either.


On Thu, Feb 6, 2014 at 6:18 AM, Rick <rerushg at gmail.com> wrote:

> On 02/06/2014 02:05 AM, Soul Plane wrote:
>
>> Yesterday I received a security alert that Firefox ESR was updated to
>> 24.3.
>> http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
>>
>> I am wondering if since Tor Browser is based on Firefox ESR it is now
>> subject to security vulnerabilities? When you release the Tor Browser
>> Bundle do you identify the version (24.2, 24.3,etc) of Firefox that it is
>> based on?
>>
>> When Firefox patches vulnerabilities in the ESR product and makes a new
>> release do you do the same? I took a look at the git for Tor Browser and I
>> can't tell whether or not it integrates whatever changes are in Firefox
>> 24.3.
>>
>> Thanks
>>
> New releases are announced here and in the website blog. Changes are
> mentioned and a link to the changelog is provided. That shows that we've
> been in 24.2 since mid-December and 24.3 will appear with TBB 3.5.2, due
> for release within the next week or so (I presume).
>
> Are we 'now subject to security vulnerabilities'? Sure! And we'll be
> subject to the yet-unknown vulnerabilities of 24.3 when it's released in
> TBB. It's a work in progress.
> --
> tor-talk mailing list - tor-talk at lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>


More information about the tor-talk mailing list