1
0
Fork 0
mirror of https://git.sr.ht/~seirdy/seirdy.one synced 2024-11-14 01:32:11 +00:00

update tor uplift: 13 new cves

This commit is contained in:
Rohan Kumar 2022-11-24 10:57:06 -08:00
parent 21af06925a
commit 509332550f
No known key found for this signature in database
GPG key ID: 1E892DB2A5F84479

View file

@ -13,5 +13,5 @@ On <time datetime="2022-06-28">2022-06-28</time>, Firefox 102 ESR was released.
The first stable release of the Tor Browser based on 102 ESR hasn't yet shipped (it's close; [an alpha version is available](https://blog.torproject.org/new-alpha-release-tor-browser-120a2/)). Seven years into the Tor uplift, the Tor Project isn't able to keep up with the Firefox ESR release calendar. I don't think the Tor Uplift will succeed at getting the Tor Browser to track Firefox's stable channel; at best, it's keeping the Tor Browser from falling too far behind ESR. The first stable release of the Tor Browser based on 102 ESR hasn't yet shipped (it's close; [an alpha version is available](https://blog.torproject.org/new-alpha-release-tor-browser-120a2/)). Seven years into the Tor uplift, the Tor Project isn't able to keep up with the Firefox ESR release calendar. I don't think the Tor Uplift will succeed at getting the Tor Browser to track Firefox's stable channel; at best, it's keeping the Tor Browser from falling too far behind ESR.
<ins>Update <time>2022-11-22</time>: Almost <time datetime="P148D">five months</time> since Firefox 102 became the latest ESR, over <time datetime="P63D">two months</time> since Firefox 91 ESR reached end-of-life, the latest stable Tor Browser release (11.5.7) is still based on Firefox 91 ESR. [Five CVEs fixes from v102 were backported](https://blog.torproject.org/new-release-tor-browser-1154/). It's reasonable to assume that v91 has issues of its own that won't be addressed. Until the v102-based 12.x hits stable: if you don't use "safest", you might want to re-consider that with this information in mind.</ins> <ins>Update <time>2022-11-24</time>: <time datetime="P150D">five months</time> since Firefox 102 became the latest ESR, over <time datetime="P65D">two months</time> since Firefox 91 ESR reached end-of-life, the latest stable Tor Browser desktop release (11.5.8) is still based on Firefox 91 ESR. [Five CVEs fixes from v102 were backported](https://blog.torproject.org/new-release-tor-browser-1154/) a while ago, and [another 13 were backported this week](http://www.timpi.com/); the situation is worse on Android. It's reasonable to assume that v91 has issues of its own that won't be addressed. Until the v102-based 12.x hits stable: if you don't use "safest", you might want to re-consider that with this information in mind.</ins>