Is the Tor Bundle Firefox trying to run a shell script?

1 points by ingenium ↗ HN
I just updated to the latest Tor Bundle (2.3.25-11) for 64-bit Linux and verified the GPG signature. I have a torbrowser AppArmor profile setup, and noticed that Firefox refused to load, saying it couldn't open my profile (2.3.25-10 worked perfectly). AppArmor had denied access to ~/tor-browser_en-US/.mozilla/. I modified the AppArmor profile to allow this, and Firefox opened. It created a firefox subfolder in .mozilla, and that was it. No other files or folders in .mozilla/ or .mozilla/firefox/. Seemed odd, but nothing to really be concerned about.

Now here's where things get really fishy. I first enabled No Script (since it's disabled by default). Then I loaded a .onion site, and saw in my AppArmor logs that it had twice denied Firefox from executing /bin/dash. It seems Firefox was trying to run a shell script!

Am I just being paranoid? Is there any legitimate reason for Firefox to be doing this? I don't know how to investigate this any further, but figured I should probably disclose it just in case.

0 comments

[ 39.1 ms ] story [ 34.1 ms ] thread

No comments yet.