Jacob Appelbaum: > On 8/7/15, jvoisin <julien.voi...@dustri.org> wrote: >> Hello, >> >> I disagree with your analysis; >> while the Apparmor profile (♥) will prevent tragic things like gpg key >> stealing, please keep in mind that an attacker can access every Firefox >> files, like cookies (stealing sessions), stored passwords, changing >> preferences (remember http://net.ipcalf.com/ ?), executing code inside >> the browser, … > > I believe that the newest Tor Browser alpha will provide a fix. I hope > Mike will chime in here...
I don't know what kind of fix you have in mind. All we'll provide is an update to ESR 38.2.0. We are basically about to tag the things and start building. ETA for the alpha is probably Tuesday. That said Mozilla's reasoning for not doing a chemspill for ESR 31 was "we determined that the vulnerability isn't present in the current 31 ESR." That's a quote from Liz Henry, the Firefox release manager. Georg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.