Opened 11 months ago

#25916 new defect

Disable MOZ_DISABLE_CONTENT_SANDBOX

Reported by: tom Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: ff60-esr
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

MOZ_DISABLE_CONTENT_SANDBOX can be used at runtime to disable the content sandbox. If an attacker can influence this, we're probably already sunk, but just like we disable the "Dump all your TLS Session Keys here please" environment variable, we should disable this one too.

Child Tickets

Change History (0)

Note: See TracTickets for help on using tickets.