[tor-bugs] #13893 [Tor Browser]: Torbrowser crashes on start when using MS EMET 5.x
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Jan 18 22:46:46 UTC 2016
#13893: Torbrowser crashes on start when using MS EMET 5.x
-------------------------------------------------+-------------------------
Reporter: Diapolo | Owner: gk
Type: defect | Status:
Priority: High | needs_revision
Component: Tor Browser | Milestone:
Severity: Blocker | Version:
Keywords: tbb-security, TorBrowserTeam201601, | Resolution:
GeorgKoppen201601 | Actual Points:
Parent ID: | Points:
Sponsor: SponsorU |
-------------------------------------------------+-------------------------
Changes (by bugzilla):
* keywords:
tbb-crash, tbb-usability-stoppoint-app, TorBrowserTeam201601,
GeorgKoppen201601
=> tbb-security, TorBrowserTeam201601, GeorgKoppen201601
* severity: Normal => Blocker
Comment:
Sorry for spam, but Mozilla fixed its bug, stated in comment:16, in FF 44b
and later: https://hg.mozilla.org/releases/mozilla-beta/rev/71d087ecddc0
So, disabling IOInterposer was right solution.
But, as stated in comment:19, AvailableMemoryTracker is another bad stuff
from Mozilla and can be disabled too - proof:
Only two craps from all the FF code use WindowsDllInterceptor, which is an
interceptor (by name too :) that means "hacking" technique is used. This
is unacceptable by any security mitigation tool, such as EMET.
EMET closes Tor Browser when detects security hole in it that can be
exploited by SimExecFlow technique. So, it is not a crash, but security
threat.
Usability of Tor Browser = zero in secured environments (protected by EMET
or else), so severity is set to blocker (because EMET blocks unsecured TBB
and this blocks TBB from using).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13893#comment:31>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list