#31019: Investigate update on Windows via BITS -------------------------------------+------------------------------------- Reporter: gk | Owner: tbb-team Type: task | Status: new Priority: Medium | Milestone: Component: Applications/Tor | Version: Browser | Keywords: ff68-esr, tbb-update, Severity: Normal | tbb-proxy-bypass Actual Points: | Parent ID: Points: | Reviewer: Sponsor: | -------------------------------------+------------------------------------- It seems there is coming a new update method for Windows users with Firefox 68 ESR which is called BITS (Background Intelligent Transfer Service), which is a Windows component.[1] The marketing promise is that "This change will allow Firefox to continue downloading an update after Firefox has been closed." [2] which seems to be dangerous in the Tor Browser context.
There is a pref we can flip, though to use the older internal updater [3]. However, we should make sure the potential proxy bypass I am seeing here is actually mitigated by that. [1] https://www.ghacks.net/2019/06/24/firefox-will-use-bits-on-windows- for-updates-going-forward/ [2] https://groups.google.com/forum/#!topic/mozilla.dev.platform/PCzoYCfi_fk [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1553977 -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31019> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs