[tor-talk] Is Tor Browser 5.5.1 vulnerable to any of the graphite font vulnerabilities?

Cain Ungothep ungocain at yandex.com
Fri Feb 12 06:20:05 UTC 2016


> I would
> like to know if Tor Browser 5.5.1 is vulnerable. Thanks

Looks like it is:

https://gitweb.torproject.org/builders/tor-browser-bundle.git/commit/?id=7a36dbece35a307675f396a019dccf6e431efb44

That build corresponds to a branch which includes the commit that
supposedly fixed bug 1246093, and this commit was only pushed less than
48 hours ago.

NOTE: Torbutton's security slider at level "High" says "Some font rendering
features are disabled" and "[...] The Graphite font rendering mechanism
is disabled."  It would be good to know if this prevents the
vulnerability.

> [1]: https://www.mozilla.org/en-US/security/advisories/mfsa2016-14/
> [2]: http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html
> [3]: https://blog.torproject.org/blog/tor-browser-551-released#comment-155968

