-
Tor Browser is still based on Firefox 115 ESR. Does this mean that it’s still affected by bugs listed here ?
-
What is the advice if you think you’ve potentially been compromised? I was browsing an imageboard just now on TB safer mode, and upon clicking a picture the mouse immediately started to have a fucking seizure. This “seizure” continued even after phisically disconnecting the mouse and until I rebooted. If this is an actual exploit and not a bug, this should mean that I am fully pwned by now because kernel exploit [?]. Potentially by the NSA/FBI. And I don’t mean to cause panic but this would also mean that there is likely a PNG vulnerability in Tor Browser rn that allows for a sandbox escape.
Tor Browser gets all the necessary security patches (and sometimes more) of each Firefox (ESR) version the same day Mozilla releases them.
You should at the very least always run Tor Browser in a sandbox such as flatpak or firejail, and preferably run it in a dedicated disposable virtual machine. Tails works great for the latter use case.
3 Likes
Then if this was an actual exploit it must have been an actual zero day by a government agency. Insane.
I use apparmor, bubblejail, and I compile my own linux-hardened kernel with minimal modules, and I apply a lot of the hardening suggestions from madaidan’s guide. Probably nothing short of Whonix could have saved me if this was actually an actual exploit. I erased all the directories that the TB sandbox had write access to, so hopefully that’s enough, but probably isn’t.
It is highly unlikely.
Why do you think a skilled threat actor abusing a highly complex exploit chain that’d work on Safer would then give itself away by making your mouse wiggle?
Far more likely your system froze or there was humidity interacting with your trackpad or carbon dioxide poisoning or psychosis.
6 Likes
Yeah, it doesn’t make sense unless for whatever reason this is a consequence of whatever exploit
Not possible. I physically disconnected the mouse and it continued to move around
Yes. What is really suspicious is the timing. I wouldn’t bat an eye at this if it wasn’t manifested at the exact moment I clicked to “expand picture” in said imageboard.
carbon monoxide isn’t possible. Psychosis, even if I said that wasn’t the case I guess is always possible.
The mouse flickering is completely gone after a reboot
Edit: the system didn’t freeze btw. I guess it could be a weird compositor bug, I don’t know. I rebooted very quickly
Maybe check your logs then? The cursor is often hardware backed by the GPU and driver issues could cause such flicker.
I’ve seen similar quirks on noveau and older radeon cards.
Unfortunately they’re wiped when I reboot 
I have a Pirate Islands card running with the AMDGPU driver
I can totally see that old GCN card doing something like that.
2 Likes
Just don’t. Running it as Flatpak weakens the overall sandboxing.
I don’t think that’s true anymore
It’s still true for Chromium, but no longer true for Firefox. Then again I’ve been wrong before.
but I thought Chromium no longer relied on the suid sandbox. It’s only an issue if you’re using a kernel with kernel.unprivileged_userns_clone=0, I think (because then Chromium needs the suid sandbox)
Why?
None of that has something to do with browsers in Flatpak.
You’re right. Chromium still uses a different sandbox when launched via flatpak.
If you’re going to run TOR in a sandbox OS like Tails anyway, would Whonix be the better option? Or does Tails have some unique advantages in your opinion?
As I see it, in a nutshell:
Whonix:
- Comparative Advantage: Compartmentalization.
- Networking has been separated out into a separate VM from the rest of your desktop. All traffic must pass through that “gateway” and is routed through the Tor Network. This makes it more resilient to some types of threats. But it isn’t a silver bullet.
Tails:
- Comparative Advantage: It’s “Amnesic” (non-persistent / ephemeral) and portable.
- When you boot up Tails, each session is unrelated to the previous (and future) sessions. You are booting into a fresh unaltered environment. No logs, no malware, changes can persist after shutdown. But it isnt’ a silver bullet.
- Comparative Advantage 2: It’s intended to be easy to use and somewhat “idiot proof”. Their target audience includes not-highly technical.
- Nice to Have: Tails’ version of Tor Browser comes with uBlock Origin preinstalled.
TL;DR Tails is ‘amnesic’, Whonix is not. Whonix has robust separation/compartmentalization, Tails does not.
2 Likes
My tests say otherwise. Firefox’s sandbox with Flatpak is still like it used to be and for sure not the same as native Firefox.
Hmm, how do you check it? Also, any idea why it still does that? I understand with Chromium because flatpak couldn’t grant the privileges that Chromium needed for its sandbox, but the unprivileged namespaces sandbox is unprivileged, no? Do you know if there are any technical limitations still?
EDIT
I just checked with the Brave flatpak. It uses the SUID sandbox, actually. Ungoogled Chromium flatpak uses the Flatpak sandbox.
Layer 1 Sandbox SUID
PID namespaces Yes
Network namespaces Yes
Seccomp-BPF sandbox Yes
Seccomp-BPF sandbox supports TSYNC Yes
Ptrace Protection with Yama LSM (Broker) Yes
Ptrace Protection with Yama LSM (Non-broker) Yes
Flatpak’s seccomp filter is the problem and nothing will change in the near future, because blocking of these syscalls is actually needed and makes sense for the majority of applications. Just for applications which have their own strong sandboxing, like browsers, it makes it worse.
This is just self-reporting, which can be messed with.