[tor-talk] Security in Tor Browser related to Firefox ESR

Soul Plane soulplane11 at gmail.com
Thu Feb 6 07:05:01 UTC 2014


Yesterday I received a security alert that Firefox ESR was updated to 24.3.
http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html

I am wondering if since Tor Browser is based on Firefox ESR it is now
subject to security vulnerabilities? When you release the Tor Browser
Bundle do you identify the version (24.2, 24.3,etc) of Firefox that it is
based on?

When Firefox patches vulnerabilities in the ESR product and makes a new
release do you do the same? I took a look at the git for Tor Browser and I
can't tell whether or not it integrates whatever changes are in Firefox
24.3.

Thanks


More information about the tor-talk mailing list