Silk Road forums

Discussion => Security => Topic started by: Bazille on September 17, 2013, 07:50 pm

Title: Firefox/Tor Browser Bundle important security update
Post by: Bazille on September 17, 2013, 07:50 pm
There are 5 known critical security vulnerabilities in Firefox 23 and Firefox ESR 17.0.8. These vulnerabilities have been fixed in the latest version, so update your browsers if you use Firefox.
An update for the Tor Browser Bundle is not available yet, but it will probably get updated soon.

Critical vulnerabilities:
MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)
MFSA 2013-65 Buffer underflow when generating CRMF requests
MFSA 2013-90 Memory corruption involving scrolling
MFSA 2013-89 Buffer overflow with multi-column, lists, and floats

Source:
https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html

Title: Re: Firefox 24 and Firefox ESR 17.0.9 have been released
Post by: Bazille on September 21, 2013, 05:03 pm
The updated version of Tor Browser Bundle is available now.
It is an important security update and everyone should update to version 2.3.25-13 or 2.4.17-beta-2 ASAP.

https://blog.torproject.org/blog/new-tor-browser-bundles-firefox-1709esr

Quote

The stable and beta Tor Browser Bundles have been updated with Firefox 17.0.9esr. This release of Firefox has many important security updates and all users are strongly encouraged to upgrade.

The beta version includes an updated HTTPS Everywhere which fixes the problems many users were having with the google.com OCSP meltdown.

https://www.torproject.org/projects/torbrowser.html.en#downloads

Tor Browser Bundle (2.3.25-13)

    Update Firefox to 17.0.9esr
    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#f...
    Update HTTPS Everywhere to 3.4.1
    Update NoScript to 2.6.7.1
    Remove extraneous libevent libraries (closes: #9727)
    Enable GCC hardening for Tor
    Firefox patch changes:
        - Disable filtered results in Startpage omnibox (closes: #8839)

Tor Browser Bundle (2.4.17-beta-2)

    Update Firefox to 17.0.9esr
    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#f...
    Update LibPNG to 1.6.3
    Update HTTPS Everywhere to 4.0development.12
    Update NoScript to 2.6.7.1
    Remove extraneous libevent libraries (closes: #9727)
    Enable GCC hardening for Tor
    Firefox patch changes:
        - Disable filtered results in Startpage omnibox (closes: #8839)
    Add missing geoip file to Linux bundle

    (entry missing from regular changelog)