[tor-talk] Is Tor Browser 5.5.1 vulnerable to any of the graphite font vulnerabilities?

Soul Plane soulplane11 at gmail.com
Fri Feb 12 05:07:52 UTC 2016


I received a Firefox ESR vulnerability notice today [1] that basically says
some vulnerabilities in libgraphite were fixed in 38.6.1, released today.
The digital signature is for the 10th. Some of the issues were first
disclosed on Feb 5 [2], which is around when Tor Browser 5.5.1 was released. I'm
not sure when the other smart font issue was first disclosed.

In the Tor Browser blog comments on the 10th, someone said graphite font
rendering is vulnerable [3] but I can't tell if he's talking about in 5.5.1
or before.

I cannot find a list of vulnerability notices for Tor Browser (why not?
seems like it would be good to have). I assume it somewhat mirrors Firefox
ESR. Based on the information about this, which looks exploitable, I would
like to know if Tor Browser 5.5.1 is vulnerable. Thanks


[1]: https://www.mozilla.org/en-US/security/advisories/mfsa2016-14/
[2]: http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html
[3]: https://blog.torproject.org/blog/tor-browser-551-released#comment-155968

