
Re: [tor-bugs] #29957 [Applications/Tor Browser]: clicking on "click to play" media leaks URLs via NoScript on-disk preferences



#29957: clicking on "click to play" media leaks URLs via NoScript on-disk
preferences
-------------------------------------------------+-----------------------------------
 Reporter:  catalyst                             |          Owner:  tbb-team
     Type:  defect                               |         Status:  needs_information
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-disk-leak, tbb-newnym, noscript  |  Actual Points:
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-----------------------------------

Comment (by ma1):

 Just to be clear, 11.0.27 in PBM tabs/windows does the following:

 1. Disables any contextual widget (in the tab-originated popups) leading
 to giving permanent permissions (and therefore URLs to be persisted on the
 disk): therefore you can only set Temp. TRUSTED or Temp. CUSTOM (neither
 TRUSTED, UNTRUSTED nor permanent CUSTOM) unless that was the setting when
 the UI popup was opened.
 2. When unblocking a media element, the permission is always marked as
 temporary and never persisted to the disk.

 Of course you can still turn the temporary permissions to permanent from
 the "Per-site preferences" options panel, if you really want to.

 I'm not sure whether 1 is too strict for people who intentionally checked
 "override Tor Browser security policies", since this would erase any
 permission customization on browser restarts (as all Tor Browser windows
 are incognito, right?), but it seemed a transparent middle-way to help
 them not to shoot themselves in the foot. What do you think?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29957#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online