Opened 6 months ago

Closed 5 months ago

#34136 closed defect (wontfix)

Audit the Content Process Sandbox Level bump in ESR68.8 on Windows

Reported by: cypherpunks Owned by: tbb-team
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Major Keywords: tbb-security, TorBrowserTeam202005
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

To fix CVE-2020-12388 and CVE-2020-12389, Mozilla set security.sandbox.content.level to 6.
The code to support that was backported to ESR: https://hg.mozilla.org/mozilla-unified/file/esr68/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp#l505
Correctness and completeness of the backport should be audited.

Child Tickets

Change History (1)

comment:1 Changed 5 months ago by gk

Resolution: wontfix
Status: newclosed
Note: See TracTickets for help on using tickets.