Silk Road forums

Discussion => Newbie discussion => Topic started by: sillybird on August 05, 2013, 07:36 pm

Title: FH/Tormail Question
Post by: sillybird on August 05, 2013, 07:36 pm
I accessed Tormail yesterday with JavaScript off, no script running, and I am running the latest TBB with Firefox 17.0.7. From the information I've gathered, I should be safe? Can someone reassure me? Cheers
Title: Re: FH/Tormail Question
Post by: scene on August 05, 2013, 07:39 pm
YES
Title: Re: FH/Tormail Question
Post by: sillybird on August 05, 2013, 07:44 pm
OK. I figured that was the case. So this JavaScript exploit only could affect users who were running Firefox 17?
Title: Re: FH/Tormail Question
Post by: mcguire39 on August 05, 2013, 08:02 pm
It looks like the Tor project's stance is that if you had FF 17.0.7 ESR you weren't vulnerable even if JavaScript was enabled:
https://blog.torproject.org/blog/tor-security-advisory-old-tor-browser-bundles-vulnerable

Also Astor has a pretty nice summary here: http://dkn255hz262ypmii.onion/index.php?topic=195873.msg1415334#msg1415334
Title: Re: FH/Tormail Question
Post by: jethro420247 on August 05, 2013, 09:12 pm
Below are a couple more links, one from the Tor project. Evidently, if you were updating TBB when it requested, or you didn't install TBB until after June 26th, you are safe. They fixed the vulnerability June 26th, so any version of TBB after that was safe, as I understand from the first

CLEARNET WARNING:
https://lists.torproject.org/pipermail/tor-announce/2013-August/000089.html
http://tsyrklevich.net/tbb_payload.txt
Title: Re: FH/Tormail Question
Post by: ethnophile on August 05, 2013, 09:16 pm
It looks like the Tor project's stance is that if you had FF 17.0.7 ESR you weren't vulnerable even if JavaScript was enabled:
https://blog.torproject.org/blog/tor-security-advisory-old-tor-browser-bundles-vulnerable

Also Astor has a pretty nice summary here: http://dkn255hz262ypmii.onion/index.php?topic=195873.msg1415334#msg1415334
+1 thanks