Opened 4 years ago

Closed 4 years ago

#16514 closed defect (duplicate)

Tor Browser reset?

Reported by: ioerror Owned by: tbb-team
Priority: Very High Milestone:
Component: Applications/Tor Browser Version:
Severity: Keywords: security
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

I had a tor-browser-linux64-4.0.2_en unpacked and unused for a few months. I hoped to start it and then update it. This failed in a spectacular manner - I started it, it warned me that it was out of date - update was only by redirection to a download page. While downloading the browser, I noticed a prompt in the bottom of the browser window. It said something to the effect of "you haven't run Tor Browser in a while, clean up?" - this is when all hell broke loose. My profile was wiped and a new browser window popped up - looked very different. I closed it. Attempting to start Tor Browser after this point was impossible - it left me in a corrupt state.

I think the new browser was likely configured to not use Tor - so this is possibly a spectacular failure. I didn't test but it should be possible to repro by setting the clock backwards, unpacking the right version of torbrowser, setting the clock to today and clicking on the cleanup button.

Lunar suggests we need to do something with the browser.disableResetPrompt option.

This is another example where having UnixSocket for SOCKS transport and a properly sandboxed browser would have saved us, I think. Then even if firefox is reconfigured, it fails closed.

Child Tickets

Change History (1)

comment:1 Changed 4 years ago by gk

Resolution: duplicate
Status: newclosed

Duplicate of #16441.

Note: See TracTickets for help on using tickets.