#34136: Audit the Content Process Sandbox Level bump in ESR68.8 on Windows -------------------------------------+------------------------------------- Reporter: cypherpunks | Owner: tbb-team Type: defect | Status: new Priority: High | Component: Applications/Tor | Browser Version: | Severity: Major Keywords: tbb-security, | Actual Points: TorBrowserTeam202005 | Parent ID: | Points: Reviewer: | Sponsor: -------------------------------------+------------------------------------- To fix CVE-2020-12388 and CVE-2020-12389, Mozilla set `security.sandbox.content.level` to `6`. The code to support that was backported to ESR: https://hg.mozilla.org /mozilla- unified/file/esr68/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp#l505 Correctness and completeness of the backport should be audited.
-- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/34136> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs