Re: [Tails-dev] MFSA 2015-78 (aka. CVE-2015-4495) vs. Tails

Delete this message

Reply to this message
Author: Jacob Appelbaum
Date:  
To: The Tails public development discussion list
CC: Mike Perry
Subject: Re: [Tails-dev] MFSA 2015-78 (aka. CVE-2015-4495) vs. Tails
On 8/7/15, jvoisin <julien.voisin@???> wrote:
> Hello,
>
> I disagree with your analysis;
> while the Apparmor profile (♥) will prevent tragic things like gpg key
> stealing, please keep in mind that an attacker can access every Firefox
> files, like cookies (stealing sessions), stored passwords, changing
> preferences (remember http://net.ipcalf.com/ ?), executing code inside
> the browser, …


I believe that the newest Tor Browser alpha will provide a fix. I hope
Mike will chime in here...

>
> This seems pretty serious to me, since people expect the web-browser to
> be reasonably trustworthy.


Agreed.

All the best,
Jacob