[tor-bugs] #16514 [Tor Browser]: Tor Browser reset?
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jul 7 13:31:46 UTC 2015
#16514: Tor Browser reset?
-------------------------+--------------------------
Reporter: ioerror | Owner: tbb-team
Type: defect | Status: new
Priority: critical | Milestone:
Component: Tor Browser | Version:
Keywords: security | Actual Points:
Parent ID: | Points:
-------------------------+--------------------------
I had a tor-browser-linux64-4.0.2_en unpacked and unused for a few months.
I hoped to start it and then update it. This failed in a spectacular
manner - I started it, it warned me that it was out of date - update was
only by redirection to a download page. While downloading the browser, I
noticed a prompt in the bottom of the browser window. It said something to
the effect of "you haven't run Tor Browser in a while, clean up?" - this
is when all hell broke loose. My profile was wiped and a new browser
window popped up - looked very different. I closed it. Attempting to start
Tor Browser after this point was impossible - it left me in a corrupt
state.
I think the new browser was likely configured to not use Tor - so this is
possibly a spectacular failure. I didn't test but it should be possible to
repro by setting the clock backwards, unpacking the right version of
torbrowser, setting the clock to today and clicking on the cleanup button.
Lunar suggests we need to do something with the browser.disableResetPrompt
option.
This is another example where having UnixSocket for SOCKS transport and a
properly sandboxed browser would have saved us, I think. Then even if
firefox is reconfigured, it fails closed.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16514>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list