Silk Road forums
Discussion => Security => Topic started by: Bazille on September 17, 2013, 07:50 pm
-
There are 5 known critical security vulnerabilities in Firefox 23 and Firefox ESR 17.0.8. These vulnerabilities have been fixed in the latest version, so update your browsers if you use Firefox.
An update for the Tor Browser Bundle is not available yet, but it will probably get updated soon.
Critical vulnerabilities:
MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)
MFSA 2013-65 Buffer underflow when generating CRMF requests
MFSA 2013-90 Memory corruption involving scrolling
MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
Source:
https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
-
The updated version of Tor Browser Bundle is available now.
It is an important security update and everyone should update to version 2.3.25-13 or 2.4.17-beta-2 ASAP.
https://blog.torproject.org/blog/new-tor-browser-bundles-firefox-1709esr
The stable and beta Tor Browser Bundles have been updated with Firefox 17.0.9esr. This release of Firefox has many important security updates and all users are strongly encouraged to upgrade.
The beta version includes an updated HTTPS Everywhere which fixes the problems many users were having with the google.com OCSP meltdown.
https://www.torproject.org/projects/torbrowser.html.en#downloads
Tor Browser Bundle (2.3.25-13)
- Update Firefox to 17.0.9esr
  https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#f...
- Update HTTPS Everywhere to 3.4.1
- Update NoScript to 2.6.7.1
- Remove extraneous libevent libraries (closes: #9727)
- Enable GCC hardening for Tor
- Firefox patch changes:
  - Disable filtered results in Startpage omnibox (closes: #8839)
Tor Browser Bundle (2.4.17-beta-2)
- Update Firefox to 17.0.9esr
  https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#f...
- Update LibPNG to 1.6.3
- Update HTTPS Everywhere to 4.0development.12
- Update NoScript to 2.6.7.1
- Remove extraneous libevent libraries (closes: #9727)
- Enable GCC hardening for Tor
- Firefox patch changes:
  - Disable filtered results in Startpage omnibox (closes: #8839)
- Add missing geoip file to Linux bundle
  (entry missing from regular changelog)