On 8/7/15, Georg Koppen <g...@torproject.org> wrote: > Jacob Appelbaum: >> On 8/7/15, jvoisin <julien.voi...@dustri.org> wrote: >>> Hello, >>> >>> I disagree with your analysis; >>> while the Apparmor profile (♥) will prevent tragic things like gpg key >>> stealing, please keep in mind that an attacker can access every Firefox >>> files, like cookies (stealing sessions), stored passwords, changing >>> preferences (remember http://net.ipcalf.com/ ?), executing code inside >>> the browser, … >> >> I believe that the newest Tor Browser alpha will provide a fix. I hope >> Mike will chime in here... > > I don't know what kind of fix you have in mind. All we'll provide is an > update to ESR 38.2.0. We are basically about to tag the things and start > building. ETA for the alpha is probably Tuesday.
Ah ha - great. Thank you for chiming in! The current Tails Tor Browser is 4.5.3 (based on Mozilla Firefox 31.8.0) - so the new alpha won't change anything and the current browser shouldn't be impacted by it. Did I understand that correctly? > > That said Mozilla's reasoning for not doing a chemspill for ESR 31 was > > "we determined that the vulnerability isn't present in the current 31 > ESR." Hey - that's great news - thanks for clearing that up! > > That's a quote from Liz Henry, the Firefox release manager. > Perfect - thank you! All the best, Jacob _______________________________________________ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.