Opened 3 months ago

Closed 3 months ago

#30849 closed defect (fixed)

Backport fixes for bug 1552627 and 1549833

Reported by: gk Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: TorBrowserTeam201907R, GeorgKoppen201906
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Not sure if they are as easily exploitable in Tor Browser as they are in Firefox but we should be better safe here than sorry and backport the pref changes coming with bug 1552627 and 1549833.

Child Tickets

Change History (4)

comment:1 Changed 3 months ago by gk

Changesets in question are:

https://hg.mozilla.org/mozilla-central/rev/29d9eb1276a7
https://hg.mozilla.org/mozilla-central/rev/6fefc560ddc4
https://hg.mozilla.org/mozilla-central/rev/465fa362c702

bug_30849 (https://gitweb.torproject.org/user/gk/tor-browser.git/log/?h=bug_30849) does contain the last two changes as they are simple preference settings. I am not sure about the first one as it is more a fix to make social engineering harder and it seems to require some work to get it properly applied to esr60...

comment:2 Changed 3 months ago by gk

Keywords: TorBrowserTeam201907R added; TorBrowserTeam201906 removed
Status: newneeds_review

After revisiting I think we should just go with the two pref flips for now and pick up the other part of the fix once we move to esr68.

comment:3 Changed 3 months ago by acat

Status: needs_reviewmerge_ready

Looks good to me.

comment:4 in reply to:  3 Changed 3 months ago by gk

Resolution: fixed
Status: merge_readyclosed

Replying to acat:

Looks good to me.

Thanks! Cherry-picked to tor-browser-60.7.0esr-9.0-1 (commit 35560e850f9dbf29e18895b3e55ad9b4e684cd24 and 0be8d76933ec1e36553f1bfaffb261169757fa77) and tor-browser-60.7.0esr-8.5-1 (commit e0c4aa5835df2a0ea4c2555872fc467649e2cc49 and cb68eb598242fd211bf032e704069ea453f57c05).

Note: See TracTickets for help on using tickets.