subject:"Re\: \[tor\-bugs\] #26705 \[Applications\/Tor Browser\]\: BUG Report \! Use after Free Vulnerability"

Re: [tor-bugs] #26705 [Applications/Tor Browser]: BUG Report ! Use after Free Vulnerability

2018-07-27 Thread Tor Bug Tracker & Wiki

#26705: BUG Report ! Use after Free Vulnerability
--+--
 Reporter:  t4rkd3vilz|  Owner:  tbb-team
 Type:  project   | Status:  closed
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:  invalid
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by gk):

 * status:  needs_information => closed
 * resolution:   => invalid


Comment:

 So, it seems both examples are more or less copy-and-pasted: the first
 example code from https://www.exploit-db.com/exploits/41660/ aka
 https://bugzilla.mozilla.org/show_bug.cgi?id=1340138 and the second one
 from http://www.signalsec.com/publications/UseAfterFree-Exploiting.pdf.
 The former got fixes a while ago and the latter seemed to affect IE 11,
 which is why neither crashes Tor Browser. Thus, closing as invalid.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26705 [Applications/Tor Browser]: BUG Report ! Use after Free Vulnerability

2018-07-12 Thread Tor Bug Tracker & Wiki

#26705: BUG Report ! Use after Free Vulnerability
--+---
 Reporter:  t4rkd3vilz|  Owner:  tbb-team
 Type:  project   | Status:  needs_information
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---

Comment (by boklm):

 Some questions:

 - on which OS are you seeing this issue? So far we have tried loading the
 2 html pages in 2 tabs on Linux, Windows 7 and macOS 10.11 without being
 able to reproduce the issue.

 - In the screenshots, you seem to be loading the pages locally (with
 file:/// URLs). Does this issue only happen with local pages, or can you
 reproduce it when loading them with http?

 - In `tor2.png` it looks like you open the second page using the file
 manager. Can you reproduce the issue by copy pasting the address in the
 URL bar instead of using the file manager to open it? The error in `crash
 tor 3.png` looks like an error you would get if you try to run more than
 one instance of the browser. So the issue might be how the file manager
 has been configured to open new pages in Tor Browser.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26705 [Applications/Tor Browser]: BUG Report ! Use after Free Vulnerability

2018-07-11 Thread Tor Bug Tracker & Wiki

#26705: BUG Report ! Use after Free Vulnerability
--+---
 Reporter:  t4rkd3vilz|  Owner:  tbb-team
 Type:  project   | Status:  needs_information
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
Changes (by t4rkd3vilz):

 * Attachment "crash tor 3.png" added.

 result

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26705 [Applications/Tor Browser]: BUG Report ! Use after Free Vulnerability

2018-07-11 Thread Tor Bug Tracker & Wiki

#26705: BUG Report ! Use after Free Vulnerability
--+---
 Reporter:  t4rkd3vilz|  Owner:  tbb-team
 Type:  project   | Status:  needs_information
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
Changes (by t4rkd3vilz):

 * Attachment "tor1.png" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26705 [Applications/Tor Browser]: BUG Report ! Use after Free Vulnerability

2018-07-11 Thread Tor Bug Tracker & Wiki

#26705: BUG Report ! Use after Free Vulnerability
--+---
 Reporter:  t4rkd3vilz|  Owner:  tbb-team
 Type:  project   | Status:  needs_information
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
Changes (by t4rkd3vilz):

 * Attachment "tor2.png" added.

 crash senary

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26705 [Applications/Tor Browser]: BUG Report ! Use after Free Vulnerability

2018-07-10 Thread Tor Bug Tracker & Wiki

#26705: BUG Report ! Use after Free Vulnerability
--+---
 Reporter:  t4rkd3vilz|  Owner:  tbb-team
 Type:  project   | Status:  needs_information
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---

Comment (by cypherpunks):

 1:31 PM Ticket #26700 (Batch merge for Relay Search patches) closed by irl
 fixed: Thanks!
 1:31 PM Tickets #25199,25242,25533,25861,26518 batch updated by irl
 fixed: Merged in #26700.
 1:31 PM Ticket #26525 (Rename sandbox_getaddrinfo() functions.) closed by
 nickm
 fixed: merged!
 1:22 PM Ticket #25512 (Tor in-process restart fails to write auth cookie)
 closed by nickm
 fixed: Cherry-picked into 0.3.3; fix should be in the next maint-0.3.3
 release.
 1:22 PM Ticket #26700 (Batch merge for Relay Search patches) updated by
 karsten
 Merged, pushed to master, and deployed. Can't close because of child …
 1:21 PM Ticket #25512 (Tor in-process restart fails to write auth cookie)
 updated by nickm
 Milestone changed
 Hang on -- you said that you were testing 0.3.3.7; this bug has only …
 1:17 PM Ticket #25512 (Tor in-process restart fails to write auth cookie)
 updated by nickm
 Status changed
 1:15 PM Ticket #26455 (use correct CARGO_HOME in test_rust.sh) closed by

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26705 [Applications/Tor Browser]: BUG Report ! Use after Free Vulnerability

2018-07-09 Thread Tor Bug Tracker & Wiki

#26705: BUG Report ! Use after Free Vulnerability
--+
 Reporter:  t4rkd3vilz|  Owner:  tbb-team
 Type:  project   | Status:  closed
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:  worksforme
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by cypherpunks):

 * status:  needs_information => closed
 * resolution:   => worksforme


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26705 [Applications/Tor Browser]: BUG Report ! Use after Free Vulnerability

2018-07-09 Thread Tor Bug Tracker & Wiki

#26705: BUG Report ! Use after Free Vulnerability
--+---
 Reporter:  t4rkd3vilz|  Owner:  tbb-team
 Type:  project   | Status:  needs_information
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
Changes (by boklm):

 * status:  new => needs_information


Comment:

 I tried this in Tor Browser 7.5.6, and 8.0a9, but this did not crash for
 me.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26705 [Applications/Tor Browser]: BUG Report ! Use after Free Vulnerability

2018-07-09 Thread Tor Bug Tracker & Wiki

#26705: BUG Report ! Use after Free Vulnerability
--+--
 Reporter:  t4rkd3vilz|  Owner:  tbb-team
 Type:  project   | Status:  new
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by Dbryrtfbcbhgf):

 * owner:  (none) => tbb-team
 * version:  Tor: unspecified =>
 * component:  Core Tor/Tor => Applications/Tor Browser


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26705 [Applications/Tor Browser]: BUG Report ! Use after Free Vulnerability

Re: [tor-bugs] #26705 [Applications/Tor Browser]: BUG Report ! Use after Free Vulnerability

Re: [tor-bugs] #26705 [Applications/Tor Browser]: BUG Report ! Use after Free Vulnerability

Re: [tor-bugs] #26705 [Applications/Tor Browser]: BUG Report ! Use after Free Vulnerability

Re: [tor-bugs] #26705 [Applications/Tor Browser]: BUG Report ! Use after Free Vulnerability

Re: [tor-bugs] #26705 [Applications/Tor Browser]: BUG Report ! Use after Free Vulnerability

Re: [tor-bugs] #26705 [Applications/Tor Browser]: BUG Report ! Use after Free Vulnerability

Re: [tor-bugs] #26705 [Applications/Tor Browser]: BUG Report ! Use after Free Vulnerability

Re: [tor-bugs] #26705 [Applications/Tor Browser]: BUG Report ! Use after Free Vulnerability

9 matches

Site Navigation

Mail list logo

Footer information