New Tor Browser Bundles (security release)
The Tor Browser Bundles have been updated with a very important security fix. As explained in the previous blog post, a user discovered a severe security bug in Firefox related to websockets bypassing the SOCKS proxy DNS configuration. This is now fixed and we strongly encourage all users to update. There are a few other bugfixes in this release, including really fixing (for real this time!) the problem with the Mac OS X bundles crashing.
Tor Browser Bundle (2.2.35-11)
- Security release to stop TorBrowser from bypassing SOCKS proxy DNS configuration
- New Firefox patches:
- Prevent WebSocket DNS leak (closes: #5741)
- Fix a race condition that could be used to link browsing sessions together when using new identity from Tor Browser (closes: #5715)
- Remove extraneous BetterPrivacy settings from prefs.js (closes: #5722)
- Fix the mozconfig options for OS X so that it really builds everything with clang instead of llvm-gcc (closes: #5740)
I don't really know if this is just me, but when the ff window pops, the minimize-maximize-close buttons on the top right corner are not properly shown. In fact they are just black.
I know that's probably nothing though,
Thanks for the new update.
I'm using the Vidalia Bundle, together with an external version of Firefox. Am I affected by this security bug? Do I have to set network.websocket.enabled to false?