On Thu, Dec 1, 2016, at 01:27 PM, Nathan Freitas wrote:
> On Wed, Nov 30, 2016, at 11:39 AM, Roger Dingledine wrote:
> > On Wed, Nov 30, 2016 at 02:28:52PM -0500, Roger Dingledine wrote:
> > > * The blog post about the 6.0.7 Tor Browser update will go up any
> > > moment. I see that the Tor
On Wed, Nov 30, 2016, at 11:39 AM, Roger Dingledine wrote:
> On Wed, Nov 30, 2016 at 02:28:52PM -0500, Roger Dingledine wrote:
> > * The blog post about the 6.0.7 Tor Browser update will go up any
> > moment. I see that the Tor Browser team has already put the packages in
> >
On Wed, Nov 30, 2016 at 02:28:52PM -0500, Roger Dingledine wrote:
> * The blog post about the 6.0.7 Tor Browser update will go up any
> moment. I see that the Tor Browser team has already put the packages in
> https://dist.torproject.org/torbrowser/6.0.7/
And there it is:
On Wed, Nov 30, 2016 at 12:08:00PM +, Georg Koppen wrote:
> FWIW: We plan to release 6.0.7 with the patch Mozilla developed in a
> couple of hours. Updates to the alpha and hardened series will we
> provided as well thereafter.
Update:
* The blog post about the 6.0.7 Tor Browser update will
Roger Dingledine:
> On Tue, Nov 29, 2016 at 09:55:23PM -, firstwa...@sigaint.org wrote:
>> This is an Javascript exploit
>
> Thanks. I pointed some folks on irc to this mail, and Daniel Veditz
> (Mozilla Security Team) said "the Firefox team was sent a copy of that
> this morning. We've found
For anyone looking into it, I tried to clean up cssbanner.js a little more.
https://gist.github.com/kristovatlas/e03be5f10e48801aec88b0e23f00a3d7
I didn't actually compare execution before and after my changes, so caveat
emptor.
On Tue, Nov 29, 2016 at 6:31 PM, Kevin
The first var looks like an encryption key. Just my humble observation
and food for thought.
On 11/29/2016 4:55 PM, firstwa...@sigaint.org wrote:
This is an Javascript exploit actively used against TorBrowser NOW. It
consists of one HTML and one CSS file, both pasted below and also
On Tue, Nov 29, 2016 at 09:55:23PM -, firstwa...@sigaint.org wrote:
> This is an Javascript exploit
Thanks. I pointed some folks on irc to this mail, and Daniel Veditz
(Mozilla Security Team) said "the Firefox team was sent a copy of that
this morning. We've found the bug being used and are
This is an Javascript exploit actively used against TorBrowser NOW. It
consists of one HTML and one CSS file, both pasted below and also
de-obscured. The exact functionality is unknown but it's getting access to
"VirtualAlloc" in "kernel32.dll" and goes from there. Please fix ASAP. I
had to break