[tor-talk] Is Tor Browser 5.5.1 vulnerable to any of the graphite font vulnerabilities?

Soul Plane soulplane11 at gmail.com
Fri Feb 12 19:38:02 UTC 2016


On Fri, Feb 12, 2016 at 1:41 AM, Georg Koppen <gk at torproject.org> wrote:

> Cain Ungothep:
> >> I would
> >> like to know if Tor Browser 5.5.1 is vulnerable. Thanks
> >
> > Looks like it is:
> >
> >
> https://gitweb.torproject.org/builders/tor-browser-bundle.git/commit/?id=7a36dbece35a307675f396a019dccf6e431efb44
> >
> > That build corresponds to a branch which includes the commit that
> > supposedly fixed bug 1246093, and this commit was only pushed less than
> > 48 hours ago.
>
> Indeed. We plan to get at least a new stable version (5.5.2) out today
> which is based on Firefox ESR 38.6.1. Mozilla released 38.6.1 just to
> address the Graphite vulnerabilities.
>


Thanks, I have downloaded version 5.5.2.


More information about the tor-talk mailing list