[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #30115 [Applications/Tor Browser]: NoScript's XSS popup breaks circuit display in some cases
#30115: NoScript's XSS popup breaks circuit display in some cases
-------------------------------------+-------------------------------------
Reporter: gk | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor | Version:
Browser | Keywords: tbb-torbutton, tbb-
Severity: Normal | circuit-display,
| TorBrowserTeam201904
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
-------------------------------------+-------------------------------------
Go to https://getharvest.com and sign in. After entering your credentials
and sending them you'll get a NoScript XSS popup which is a false positive
in this case. More importantly for this bug, though: if you go back to
your window with the Harvest URL in the URL bar, clicking on the identity
box does not show your circuit anymore. The whole panel is gone. This does
not change either if I select the "block your request" option. The result
is, one is stuck and can't change/look at the circuit even.
Found by arma.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30115>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs