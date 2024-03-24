Stories
Tor Browser 13.0.13 Unscheduled Emergency Release

posted by janrinok on Sunday March 24, @12:58PM   Printer-friendly
An Anonymous Coward writes:

"This is an unscheduled emergency release with important security updates to Firefox for Desktop platforms. Android is unaffected."

Mozilla Foundation Security Advisory 2024-16
Security Vulnerabilities fixed in Firefox ESR 115.9.1

Announced
March 22, 2024

CVE-2024-29944: Privileged JavaScript Execution via Event Handlers

Impact critical

Description

An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox.

Tails 6.0 is affected. Please update Tails 6.0 to the current version when they release it.

  • (Score: 2) by mcgrew on Sunday March 24, @01:39PM (2 children)

    by mcgrew (701) <publish@mcgrewbooks.com> on Sunday March 24, @01:39PM (#1350094) Homepage Journal

    And here I thought that TOR was primarily to brevent man in the middle attacks at public WiFi hotspots! You would think people were trying to hide their file sharing from the MAFIAA!

    BTW, I'm having trouble getting magnet links working in Mint...

    • (Score: 2) by requerdanos on Sunday March 24, @04:45PM (1 child)

      by requerdanos (5997) Subscriber Badge on Sunday March 24, @04:45PM (#1350110) Journal

      Not on Android?

      The number and variety of people who do their general purpose everyday computing on android (and iThing-type) devices never ceases to amaze me. I'd be lost without a real computer. And I don't even TOR.

      BTW today I noticed that there was a new version of Firefox-ESR in Debian stable, presumably related to the same issue.

