Silk Road forums
Discussion => Newbie discussion => Topic started by: sillybird on August 05, 2013, 07:36 pm
-
I accessed tormail yesterday with javascript off, no script running, and I am running the latest tbb with firefox 17.0.7. From the information I've gathered, I should be safe? Can someone reassure me? Cheers
-
YES
-
OK. I figured that was the case. So this javascript exploit only could affect users who were running firefox 17?
-
It looks like the Tor project's stance is that if you had FF 17.0.7 ESR you weren't vulnerable even if Javascript was enabled:
https://blog.torproject.org/blog/tor-security-advisory-old-tor-browser-bundles-vulnerable
Also Astor has a pretty nice summary here: http://dkn255hz262ypmii.onion/index.php?topic=195873.msg1415334#msg1415334
-
Below are couple more links, one from the tor project. Evidently if you were updating TBB when it requested, or you didn't install TBB until after June 26th you are safe. They fixed the vulnerability June 26th so any version of TBB after that was safe as I understand from the first
CLEARNET WARNING:
https://lists.torproject.org/pipermail/tor-announce/2013-August/000089.html
http://tsyrklevich.net/tbb_payload.txt
-
It looks like the Tor project's stance is that if you had FF 17.0.7 ESR you weren't vulnerable even if Javascript was enabled:
https://blog.torproject.org/blog/tor-security-advisory-old-tor-browser-bundles-vulnerable
Also Astor has a pretty nice summary here: http://dkn255hz262ypmii.onion/index.php?topic=195873.msg1415334#msg1415334
+1 thanks