[tor-bugs] #34136 [Applications/Tor Browser]: Audit the Content Process Sandbox Level bump in ESR68.8 on Windows
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu May 7 10:01:38 UTC 2020
#34136: Audit the Content Process Sandbox Level bump in ESR68.8 on Windows
-------------------------------------+-------------------------------------
Reporter: cypherpunks | Owner: tbb-team
Type: defect | Status: new
Priority: High | Component: Applications/Tor
| Browser
Version: | Severity: Major
Keywords: tbb-security, | Actual Points:
TorBrowserTeam202005 |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------+-------------------------------------
To fix CVE-2020-12388 and CVE-2020-12389, Mozilla set
`security.sandbox.content.level` to `6`.
The code to support that was backported to ESR: https://hg.mozilla.org
/mozilla-
unified/file/esr68/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp#l505
Correctness and completeness of the backport should be audited.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/34136>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list