Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Here is Mozilla on the vulnerability: [1] https://blog.mozilla.org/security/2013/08/04/investigating-s... It would seem that Tor released Tor Browser Bundle (TBB) with 17.0.7 on the 26th of June: [2] https://blog.torproject.org/blog/new-tor-browser-bundles-and... (note: lack of an Obfsproxy bundle!) 17.0.7 is the Firefox with the patch for the JS bug that was exploited, assuming [1] is correct.

IF this was what is exploited, then it would seem that the latest non-obfsproxy Tor Broswer Bundle [2] will be ok. It seems that Tor released a new TBB the day after upstream Firefox vulnerability was patched.

Double check though.

Here's what seems to be the original security advisory [3] http://www.mozilla.org/security/announce/2013/mfsa2013-53.ht...

Also, Tor have responded here: [4] https://blog.torproject.org/blog/hidden-services-current-eve...



Update: Tor have issued a security advisory (TL;DR: anything "Vanilla" post July 8th is ok, everybody else upgrade) https://lists.torproject.org/pipermail/tor-talk/2013-August/...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: