Re: [tor-bugs] #7501 [Applications/Tor Browser]: Audit PDF.js

2019-12-19 Thread Tor Bug Tracker & Wiki
#7501: Audit PDF.js
--------------------------------------+---------------------------
 Reporter:  mikeperry                 |          Owner:  tbb-team
     Type:  task                      |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  tbb-security              |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+---------------------------
Changes (by gk):

 * keywords:  tbb-security, ff60-esr => tbb-security
 * status:  assigned => new


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #7501 [Applications/Tor Browser]: Audit PDF.js

2018-05-05 Thread Tor Bug Tracker & Wiki
#7501: Audit PDF.js
--------------------------------------+---------------------------
 Reporter:  mikeperry                 |          Owner:  gk
     Type:  task                      |         Status:  assigned
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  tbb-security, ff60-esr    |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+---------------------------

Comment (by cypherpunks):

 It's official folks, Project Mortar *IS* DEAD
 https://wiki.mozilla.org/Mortar_Project

 > The Mortar experiment has concluded. Mozilla does not consider the PDF
 > use case justifies the burden of implementing and maintaining PDFium and a
 > Pepper API implementation in Gecko.

 So the `ff60-esr` keyword was justified after all.


Re: [tor-bugs] #7501 [Applications/Tor Browser]: Audit PDF.js

2018-02-05 Thread Tor Bug Tracker & Wiki
#7501: Audit PDF.js
--------------------------------------+---------------------------
 Reporter:  mikeperry                 |          Owner:  gk
     Type:  task                      |         Status:  assigned
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  tbb-security, ff60-esr    |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+---------------------------
Changes (by cypherpunks):

 * keywords:  tbb-security => tbb-security, ff60-esr


Comment:

 Seems more and more like PDFium integration with Firefox is dead, so
 putting review with every ESR again.


Re: [tor-bugs] #7501 [Applications/Tor Browser]: Audit PDF.js

2017-11-19 Thread Tor Bug Tracker & Wiki
#7501: Audit PDF.js
--------------------------------------+---------------------------
 Reporter:  mikeperry                 |          Owner:  gk
     Type:  task                      |         Status:  assigned
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  tbb-security              |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+---------------------------

Comment (by cypherpunks):

 According to
 [https://www.reddit.com/r/firefox/comments/7dlqob/when_will_pdfium_be_ready/dpzfsj9/ Dave Townsend],
 there are no "plans to integrate PDFium at this point", so
 unless there's a big surprise FF59 will still be stuck with pdfjs :(


Re: [tor-bugs] #7501 [Applications/Tor Browser]: Audit PDF.js

2017-10-12 Thread Tor Bug Tracker & Wiki
#7501: Audit PDF.js
--------------------------------------+---------------------------
 Reporter:  mikeperry                 |          Owner:  gk
     Type:  task                      |         Status:  assigned
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  tbb-security              |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+---------------------------

Comment (by cypherpunks):

 According to the top comment in this thread on HN
 https://news.ycombinator.com/item?id=15167104

 > PDFium used by Chrome internally uses Foxit PDF library to read and
 > extract information from the PDF.
 >
 > Google basically bought Foxit's library and open sourced it - but looks
 > like the open source version isn't keeping up with the upstream commercial
 > version of Foxit because the latest Foxit reader doesn't seem to have this
 > bug.

 If this is true, and the commercial version is years ahead of the open
 source version in terms of security fixes, then it's a serious security
 issue. One wonders why they didn't go for Evince which was always open
 source and cross-platform. Anyway, one should keep that in mind and if
 possible lobby Mozilla to look into this.


Re: [tor-bugs] #7501 [Applications/Tor Browser]: Audit PDF.js

2017-09-17 Thread Tor Bug Tracker & Wiki
#7501: Audit PDF.js
--------------------------------------+---------------------------
 Reporter:  mikeperry                 |          Owner:  gk
     Type:  task                      |         Status:  assigned
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  tbb-security              |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+---------------------------

Comment (by cypherpunks):

 According to a
 [https://www.reddit.com/r/firefox/comments/70n57w/suggestion_make_pdf_viewer_fullscreen_and_print/dn4nhrx/ comment]
 by a Platform Engineer at Mozilla, `PDFium` may land in 58 but he
 says "don't quote me on that", so there's a high chance that in a worst
 case scenario it would be already available for FF59-esr.


Re: [tor-bugs] #7501 [Applications/Tor Browser]: Audit PDF.js

2017-08-29 Thread Tor Bug Tracker & Wiki
#7501: Audit PDF.js
--------------------------------------+---------------------------
 Reporter:  mikeperry                 |          Owner:  gk
     Type:  task                      |         Status:  assigned
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  tbb-security              |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+---------------------------
Changes (by cypherpunks):

 * keywords:  tbb-usability, tbb-linkability, ff52-esr => tbb-security


Comment:

 Indeed, Mozilla realized that it needed a full-featured PDF processor,
 especially for [https://www.iso.org/standard/63534.html ISO 32000-2:2017],
 and no PDF.js could cope with it. So now we have ~~Adobe ~~ PDF Plugin
 integrated into the chrome process for
 https://bugzilla.mozilla.org/show_bug.cgi?id=1347444.


Re: [tor-bugs] #7501 [Applications/Tor Browser]: Audit PDF.js

2017-05-25 Thread Tor Bug Tracker & Wiki
#7501: Audit PDF.js
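------------------------------------------------------+---------------------------
 Reporter:  mikeperry                                 |          Owner:  gk
     Type:  task                                      |         Status:  assigned
 Priority:  Medium                                    |      Milestone:
Component:  Applications/Tor Browser                  |        Version:
 Severity:  Normal                                    |     Resolution:
 Keywords:  tbb-usability, tbb-linkability, ff52-esr  |  Actual Points:
Parent ID:                                            |         Points:
 Reviewer:                                            |        Sponsor:
------------------------------------------------------+---------------------------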

Comment (by cypherpunks):

 Is this even worth it now with the move to replace `pdf.js` with the one
 from Chromium (`PDFium` which is written in C++ = memory unsafe) for ff59?
 https://bugzilla.mozilla.org/show_bug.cgi?id=1345330


Re: [tor-bugs] #7501 [Applications/Tor Browser]: Audit PDF.js

2017-03-21 Thread Tor Bug Tracker & Wiki
#7501: Audit PDF.js
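------------------------------------------------------+---------------------------
 Reporter:  mikeperry                                 |          Owner:  gk
     Type:  task                                      |         Status:  assigned
 Priority:  Medium                                    |      Milestone:
Component:  Applications/Tor Browser                  |        Version:
 Severity:  Normal                                    |     Resolution:
 Keywords:  tbb-usability, tbb-linkability, ff52-esr  |  Actual Points:
Parent ID:                                            |         Points:
 Reviewer:                                            |        Sponsor:
------------------------------------------------------+---------------------------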
Changes (by cypherpunks):

 * keywords:  tbb-usability, ff31-esr => tbb-usability, tbb-linkability,
 ff52-esr


Comment:

 Review with every ESR.
