Re: [Tails-dev] MFSA 2015-78 (aka. CVE-2015-4495) vs. Tails

Delete this message

Reply to this message
Author: Georg Koppen
Date:  
To: The Tails public development discussion list
CC: Mike Perry
Subject: Re: [Tails-dev] MFSA 2015-78 (aka. CVE-2015-4495) vs. Tails
Jacob Appelbaum:
> On 8/7/15, Georg Koppen <gk@???> wrote:
>> Jacob Appelbaum:
>>> On 8/7/15, jvoisin <julien.voisin@???> wrote:
>>>> Hello,
>>>>
>>>> I disagree with your analysis;
>>>> while the Apparmor profile (♥) will prevent tragic things like gpg key
>>>> stealing, please keep in mind that an attacker can access every Firefox
>>>> files, like cookies (stealing sessions), stored passwords, changing
>>>> preferences (remember http://net.ipcalf.com/ ?), executing code inside
>>>> the browser, …
>>>
>>> I believe that the newest Tor Browser alpha will provide a fix. I hope
>>> Mike will chime in here...
>>
>> I don't know what kind of fix you have in mind. All we'll provide is an
>> update to ESR 38.2.0. We are basically about to tag the things and start
>> building. ETA for the alpha is probably Tuesday.
>
> Ah ha - great. Thank you for chiming in!
>
> The current Tails Tor Browser is 4.5.3 (based on Mozilla Firefox
> 31.8.0) - so the new alpha won't change anything and the current
> browser shouldn't be impacted by it.
>
> Did I understand that correctly?


The stable Tor Browser, which Tails is using, should not be affected,
correct. The upcoming alpha fixes the problem for our current alpha,
5.0a4, which is already based on ESR 38.

Georg