We are not aware of any such thing. As rebelwebmaster noted, when we know that w... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

dveditz_ on May 25, 2022 | parent | context | favorite | on: Security Vulnerability in Tor Browser

We are not aware of any such thing. As rebelwebmaster noted, when we know that we put it in our advisory.

Clearly the vulnerabilities are exploitable as demonstrated by Manfred Paul's winning Pwn2Own entry. The details were disclosed only to Zero Day Initiative staff (the contest organizers) and Mozilla. They have not been discovered on any website in the wild.

dveditz_ on May 26, 2022 | [–]

Tails has updated their advisory to remove that statement: https://tails.boum.org/security/prototype_pollution/index.en...

SubzeroCarnage on May 26, 2022 | | [–]

Perhaps Tails copy/pasted the page from an older notice?

Although the two patches have now been public for ~6 days at this point.

dredmorbius on May 26, 2022 | [–]

Who are "we" here?

AlexSW on May 26, 2022 | [–]

Judging by the post and the user's post history, almost certainly 'we' refers to Mozilla.

dredmorbius on May 26, 2022 | | [–]

Post history suggested at best ex- Mozilla to me.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact