Feature #14751

Ensure Firefox's content sandboxing (Level 2) works

Added by intrigeri 2017-09-30 06:50:23 . Updated 2018-01-30 19:06:40 .

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Target version:
Start date:
2017-09-30
Due date:
% Done:

100%

Feature Branch:
Type of work:
Test
Blueprint:

Starter:
Affected tool:
Browser
Deliverable for:

Description

It’s probably going to be enabled in Tor Browser 7.0.7 (that we likely won’t ship) and 7.0.8 (that should in Tails 3.3): https://mailman.boum.org/pipermail/tails-dev/2017-September/011731.html


Subtasks


Related issues

Blocks Tails - Feature #13245: Core work 2018Q1: Foundations Team Resolved 2017-06-29

History

#1 Updated by intrigeri 2017-11-06 15:45:30

  • Assignee changed from anonym to intrigeri

#2 Updated by intrigeri 2017-11-06 15:45:59

#3 Updated by intrigeri 2017-11-08 21:26:22

  • Assignee changed from intrigeri to anonym

anonym said he was taking all this back. If this doesn’t work, please reassign to me ASAP.

#4 Updated by anonym 2017-11-15 11:30:58

  • Target version changed from Tails_3.3 to Tails_3.5

#5 Updated by intrigeri 2017-12-05 10:04:59

FWIW http://www.morbo.org/2017/11/linux-sandboxing-improvements-in.html is interesting (marginally for this ticket, but more for the one about upgrading to FF57 ESR, which I could not find).

#6 Updated by intrigeri 2017-12-07 13:00:35

  • Target version changed from Tails_3.5 to Tails_3.6

#7 Updated by intrigeri 2018-01-01 16:45:00

  • blocked by deleted (Feature #13244: Core work 2017Q4: Foundations Team)

#8 Updated by intrigeri 2018-01-01 16:45:04

#9 Updated by anonym 2018-01-30 19:06:40

  • Status changed from Confirmed to Resolved
  • Assignee deleted (anonym)
  • % Done changed from 0 to 100
  • QA Check set to Pass

Just like in the vanilla Tor Browser, our Tor Browser has security.sandbox.content.level set to 2 (meaning so we’re good!

(Note: on my system I have the firefox 58.0.1-1 Debian package installed, and it sets the level to 3, but that is from a change introduced in Firefox 57, so I can only assume Tor Browser will switch to it when bumping the ESR branch.)