osearab.blogg.se - Macos tor

Tor Browser 11.5.8 updates GeckoView on Android to Firefox ESR 102.5 and includes important security updates. CVE-2022-45421: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5.CVE-2022-45420: Iframe contents could be rendered outside the iframe.

CVE-2022-45416: Keystroke Side-Channel Leakage.CVE-2022-45412: Symlinks may resolve to partially uninitialized buffers.CVE-2022-45411: Cross-Site Tracing was possible via non-standard override headers.CVE-2022-45410: ServiceWorker-intercepted requests bypassed SameSite cookie policy.

CVE-2022-45409: Use-after-free in Garbage Collection.

CVE-2022-45408: Fullscreen notification bypass via windowName.

CVE-2022-45406: Use-after-free of a JavaScript Realm.

CVE-2022-45405: Use-after-free in InputStream implementation.

CVE-2022-45404: Fullscreen notification bypass.

CVE-2022-45403: Service Workers might have learned size of cross-origin media files.

CVE-2022-43680: In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

Tor Browser 11.5.8 backports the following security updates from Firefox ESR 102.5 to Firefox ESR 91.13 on Windows, macOS and Linux: Assuming we do not run into any major problems, Tor Browser 11.5.9 will be an Android-only release that fixes this issue. This release will not be published on Google Play due to their target API level requirements. Tor Browser 11.5.8 is now available from the Tor Browser download page and also from our distribution directory.