Re: [Tails-dev] MFSA 2015-78 (aka. CVE-2015-4495) vs. Tails

Borrar esta mensaxe

Responder a esta mensaxe
Autor: Jacob Appelbaum
Data:  
Para: The Tails public development discussion list
CC: Mike Perry
Asunto: Re: [Tails-dev] MFSA 2015-78 (aka. CVE-2015-4495) vs. Tails
On 8/7/15, jvoisin <julien.voisin@???> wrote:
> Hello,
>
> I disagree with your analysis;
> while the Apparmor profile (♥) will prevent tragic things like gpg key
> stealing, please keep in mind that an attacker can access every Firefox
> files, like cookies (stealing sessions), stored passwords, changing
> preferences (remember http://net.ipcalf.com/ ?), executing code inside
> the browser, …


I believe that the newest Tor Browser alpha will provide a fix. I hope
Mike will chime in here...

>
> This seems pretty serious to me, since people expect the web-browser to
> be reasonably trustworthy.


Agreed.

All the best,
Jacob