With this blog entry: https://blog.torproject.org/blog/new-tor-browser-bundles-security-release
It claims 2.2.35-11 fixes a problem posted here: https://blog.torproject.org/blog/firefox-security-bug-proxy-bypass-current-tbbs With Tor Browser Bundle (2.2.35-11); suite=linux installed, I read where it was fixed in the changelog: From: ~/tor-browser_en-US/Docs/changelog: * New Firefox patches: - Prevent WebSocket DNS leak (closes: #5741) But when running this new bundle version, network.websocket.enabled remains set at true. How was this patched when the value remains set as true? Shouldn't the above value now be set at false? The former blog post, prior to the recent release, states: "To fix this dns leak/security hole, follow these steps: Type about:config (without the quotes) into the Firefox URL bar. Press Enter. Type websocket (again, without the quotes) into the search bar that appears below "about:config". Double-click on network.websocket.enabled. That line should now show false in the Value column." Unless this was patched elsewhere in the browser (if so, where?) how has Tor Browser Bundle (2.2.35-11); suite=linux been patched to resolve this issue when the same field, network.websocket.enabled appears as true in this new release? _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
