
Deep down the certificate pinning rabbit hole of “Tor	Browser Exposed” - moyix
http://seclists.org/dailydave/2016/q3/51
======
bahjoite
Tor Browser 6.0.5, with a fix for this bug, is available.

[https://blog.torproject.org/blog/tor-
browser-605-released](https://blog.torproject.org/blog/tor-
browser-605-released)

------
im4w1l
What does this mean for a TBB user?

~~~
simcop2387
From what it looks like, basically full control of the browser by anyone that
can manage to I personate the addons.mozilla.org. and that the fix wasn't
expected or understood in the sept 4th nightly release. there's probably going
to be a bigger investigation of this problem from what I'd expect because of
that.

