> [email protected] wrote:
>> It depends on what you want to read. If you want some scary rants
>> about Tor and 0 days you might want to read:
>>
>> http://arstechnica.com/security/2016/09/bug-that-hit-firefox-and-tor-browsers-was-hard-to-spot-now-we-know-why/
>> "Bug that hit Firefox and Tor browsers was hard to spot now we know
>> why"
>
> His bug was interesting in a few ways. For one, it appeared weeks
> after he claimed to have it. Perhaps most surprising was that senior
> engineers needed to walk him through the problem he was interested in
> reporting (by Erinn Atwater & Ryan Duff [2]) before he could articulate
> it in any meaningful way. His insistence that it was a Tor-exclusive
> bug also cost him a bug bounty from Mozilla (their chart would appear to
> indicate $10k+ for a bug like that).

Why should Tor users be interested in the expertise or motives of the person who reported this bug?

> It's also worth noting that Tor released a patch the same day the bug
> was finally reported. Rotor Browser (jmprcx/movrcx's project) hasn't
> patched the issue [1], even though Mozilla and Tor both did.

--
tor-talk mailing list - [email protected]
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
