[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #5744 [TorBrowserButton]: TBB-Firefox allows style change on mouseover (JS disabled)

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #5744 [TorBrowserButton]: TBB-Firefox allows style change on mouseover (JS disabled)
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Thu, 03 May 2012 11:08:56 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 03 May 2012 07:09:13 -0400
In-reply-to: <047.cf10659cc2dc8c9c551a46d6a480c146@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bug tracker status mails <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <047.cf10659cc2dc8c9c551a46d6a480c146@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#5744: TBB-Firefox allows style change on mouseover (JS disabled)
------------------------------+---------------------------------------------
 Reporter:  rransom           |          Owner:  mikeperry
     Type:  defect            |         Status:  new      
 Priority:  normal            |      Milestone:           
Component:  TorBrowserButton  |        Version:           
 Keywords:                    |         Parent:           
   Points:                    |   Actualpoints:           
------------------------------+---------------------------------------------

Comment(by guiseppe):

 Replying to [ticket:5744 rransom]:
 > I currently have JS disabled by NoScript (by clicking the âForbid
 Scripts Globallyâ option)

 So you as an expert and Tor developer have JavaScript disabled by default?
 But you recommend (in the official TBB-FAQ) enabling JS to the mass of
 average Tor users.

 As seen in #5741 disabling JS would prevent or mitigate a lot of privacy
 and security invading issues.
 Why do you accept this ongoing threat caused by these crazy JS codes?

 I mean, it is a nice effort to preserve as much as possible user
 experience and normal browsing behavior (according to the TBB design
 document). But this trade-off should not lead repeatedly to such security
 holes we have seen recently.

 Sorry for writing down my thoughts in this ticket but it was the trigger..

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5744#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #5744 [TorBrowserButton]: TBB-Firefox allows style change on mouseover (JS disabled)
  - From: Tor Bug Tracker & Wiki

Prev by Author: [tor-bugs] #5757 [Tor Support]: Windows users should extract TBB to Desktop or USB
Next by Author: Re: [tor-bugs] #5744 [TorBrowserButton]: TBB-Firefox allows style change on mouseover (JS disabled)
Previous by thread: [tor-bugs] #5744 [TorBrowserButton]: TBB-Firefox allows style change on mouseover (JS disabled)
Next by thread: Re: [tor-bugs] #5744 [TorBrowserButton]: TBB-Firefox allows style change on mouseover (JS disabled)
Index(es):
- Author
- Thread