[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #25000 [Applications/Tor Browser]: TorBrowser's NoScript is breaking add-on system

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #25000 [Applications/Tor Browser]: TorBrowser's NoScript is breaking add-on system
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Sat, 27 Jan 2018 22:42:51 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 27 Jan 2018 17:43:08 -0500
In-reply-to: <051.fd91c6e7d428b5976b5586e967006812@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <051.fd91c6e7d428b5976b5586e967006812@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#25000: TorBrowser's NoScript is breaking add-on system
--------------------------------------+-----------------------------------
 Reporter:  cypherpunks               |          Owner:  tbb-team
     Type:  defect                    |         Status:  needs_information
 Priority:  High                      |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:  100
 Reviewer:                            |        Sponsor:
--------------------------------------+-----------------------------------

Comment (by ma1):

 Is there any valid reason why [System+Principal] (which is the very first
 entry in NoScript 5's "stock" mandatory whitelist) is not included in the
 default Tor Browser whitelist?

 Anyway, this absence is the culprit (and in facts, this problem happens
 only in the Tor Browser which deploys its "special" shortlisted mandatory
 whitelist).

 The Tor Browser enforces permissions cascading, and in the Add-ons Options
 window the top frame is about:addons, whose principal's origin is
 [System+Principal]. Since this origin is omitted from Tor Browser's
 version of NoScript mandatory whitelist, the top site by default is
 considered forbidden, cascading down script blocking to the WebExtension's
 subframe.

 Temporary work-around for users having this problem: manually add
 [System+Principal] to your whitelist.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25000#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #25000 [Applications/Tor Browser]: TorBrowser's NoScript is breaking add-on system
  - From: Tor Bug Tracker & Wiki

Prev by Author: [tor-bugs] #24788 [Metrics/Relay Search]: Please put a timezone on the relay search data time
Next by Author: Re: [tor-bugs] #24912 [Applications/Tor Browser]: Prepare tor-browser-build for building stable releases
Previous by thread: Re: [tor-bugs] #25000 [Applications/Tor Browser]: TorBrowser's NoScript is breaking add-on system
Next by thread: Re: [tor-bugs] #25000 [Applications/Tor Browser]: TorBrowser's modifications to NoScript's mandatory whitelist break some webextensions (was: TorBrowser's NoScript is breaking add-on system)
Index(es):
- Author
- Thread