Opened 21 months ago

Closed 21 months ago

Last modified 3 weeks ago

#19121 closed defect (fixed)

reinstate the update.xml hash check

Reported by: mcs Owned by: mcs
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Major Keywords: ff45-esr, TorBrowserTeam201605R, tbb-6.0-must, tbb-no-uplift-60
Cc: brade Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

While working on #18912, Kathy and I discovered the following Mozilla change that causes the update.xml hash check to be skipped when signed MAR files are in use (this change shipped in Firefox 43):
https://bugzilla.mozilla.org/show_bug.cgi?id=862173

I think the our philosophy is different than Mozilla's and that we probably want to reinstate the hash check. Mike and Georg, do you agree?

Child Tickets

Change History (6)

comment:1 Changed 21 months ago by mcs

Status: newneeds_information

comment:2 Changed 21 months ago by gk

Ugh, good find. Yes, we definitely want the hash check.

comment:3 Changed 21 months ago by gk

Owner: changed from tbb-team to mcs
Priority: MediumHigh
Severity: NormalMajor
Status: needs_informationassigned

comment:4 Changed 21 months ago by mcs

Keywords: TorBrowserTeam201605R added; TorBrowserTeam201605 removed
Status: assignedneeds_review

comment:5 Changed 21 months ago by gk

Resolution: fixed
Status: needs_reviewclosed

Looks good, thanks. This is commit c179270e049f085ec8ae1ad443dd1b1fe1084728 on tor-browser-45.1.0esr-6.0-1.

comment:6 Changed 3 weeks ago by arthuredelstein

Keywords: tbb-no-uplift-60 added
Note: See TracTickets for help on using tickets.