What Skuto said, except "are private until a new release is out to the users" is really "6 to 12 months or more down the line" because (I think) they affect the Firefox OS core also which is on a much different schedule. You can actually go through all the bugs here: https://github.com/iSECPartner... but most of them will in fact be 'private'.

Agreed, we don't say 'Use Chrome', just that Chrome has a lot of security stuff we wish was in Firefox. We explicitly did not investigate FF sandboxing/multi-processing (and I thought we said that we explicitly excluded it) because we're not going to be able to make significant headway on that in 6 weeks while FF has been working on it for a while.

The fact that ASLR is not universally applied is a bug, full stop. It needs to be fixed ASAP.

Once you do *that*, exploring running TBB with EMET is worthwhile, as EMET may make exploitation more difficult. I'm not certain that it would actually make it difficult enough for Tor Project to try and get non-technical people to use it, but it's worth exploring IMO.

To your points: PartitionAlloc is independent of ASLR. The deterministic build system relies on cross-compiling on Linux for Windows/Mac. TBB can run under EMET now but it may be unstable. I do not think a Kickstart-funding of Pwn2Own is worthwhile. I also don't think a Pwn2Own on a TBB that doesn't have a lot of hardening is worthwhile - it's just too soft a target.

Would you email me pointers to the Commercial and FOSS ones? I might try and look into them https://ritter.vg/contact.html

It's all State Department grants and the like for Internet Freedom. They also release all their financials: https://blog.torproject.org/bl...