[liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud
Jerzy Łogiewa
jerzyma at interia.eu
Tue Aug 6 21:18:28 PDT 2013
But this data is not useful for any but most advanced user.
TBB should autoupdate for any nongeek user. I hope some safe way of this update exists.
--
Jerzy Łogiewa -- jerzyma at interia.eu
On Aug 6, 2013, at 5:11 PM, CodesInChaos wrote:
> When the user's version is outdated you already display an update notice.
> You could add those items from https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
> that apply to the current version. Listing particular vulnerabilities makes it clear that you actually should
> update and that it isn't just a superfluous notice that's just for annoying the user.
>
> I wouldn't duplicate the actual advisories, but listing them is a good idea IMO.
>
> Perhaps something like:
>
> -----------------------------------
> This version of TOR Browser is based on Firefox ESR 17.0.6. You need to upgrade to fix the following security issues:
>
> Fixed in Firefox ESR 17.0.7
> MFSA 2013-59 XrayWrappers can be bypassed to run user defined methods in a privileged context
> MFSA 2013-56 PreserveWrapper has inconsistent behavior
> MFSA 2013-55 SVG filters can lead to information disclosure
> MFSA 2013-54 Data in the body of XHR HEAD requests leads to CSRF attacks
> MFSA 2013-53 Execution of unmapped memory through onreadystatechange event
> MFSA 2013-51 Privileged content access and execution via XBL
> MFSA 2013-50 Memory corruption found using Address Sanitizer
> MFSA 2013-49 Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7)
> -------------------------------------
More information about the liberationtech
mailing list