> tort...@arcor.de wrote:
>> It depends on what you want to read. If you want some scary rants
>> about Tor and 0 days you might want to read:
>> "Bug that hit Firefox and Tor browsers was hard to spot now we know
> His bug was interesting in a few ways. For one, it appeared weeks
> after he claimed to have it. Perhaps most surprising was that senior
> engineers needed to walk him through the problem he was interested in
> reporting (by Erinn Atwater & Ryan Duff ) before he could articulate
> it in any meaningful way. His insistence that it was a Tor-exclusive
> bug also cost him a bug bounty from Mozilla (their chart would appear to
> indicate $10k+ for a bug like that).
Why should Tor users be interested in the expertise or motives of the person
who reported this bug?
> It's also worth noting that Tor released a patch the same day the bug > was
> finally reported. Rotor Browser (jmprcx/movrcx's project) hasn't
> patched the issue , even though Mozilla and Tor both did.
tor-talk mailing list - firstname.lastname@example.org
To unsubscribe or change other settings go to