[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #5912 [EFF-HTTPS Everywhere]: MyWOT extension breakage



#5912: MyWOT extension breakage
----------------------------------+-----------------------------------------
 Reporter:  pde                   |          Owner:  pde  
     Type:  defect                |         Status:  new  
 Priority:  normal                |      Milestone:       
Component:  EFF-HTTPS Everywhere  |        Version:       
 Keywords:                        |         Parent:  #3190
   Points:                        |   Actualpoints:       
----------------------------------+-----------------------------------------
 Recent changes to the MyWOT ruleset, released in 3.0development.3, are
 reportedly causing breakage in the MyWOT Firefox extension. This is an
 instance of bug #3190.

 The available courses of action are:

 1. Wind back the [https://gitweb.torproject.org/https-
 everywhere.git/history/HEAD:/src/chrome/content/rules/MyWOT.xml recent
 changes to the ruleset], although that will presumably leave mywot.com
 vulnerable to lots of attacks such as Firesheep-style cookie hijacking
 that those changes were trying to protect against.

 2. Have the MyWOT extension make all of these requests over HTTPS, in
 which case it will no longer trip over the HTTPS Everywhere redirects.

 3. Have the MyWOT extension listen for the "https-everywhere-uri-rewrite"
 event [https://gitweb.torproject.org/https-
 everywhere.git/blob/HEAD:/src/components/https-everywhere.js#l607 that we
 send]when we rewrite things, and re-start those requests over HTTPS

 4. Disable the MyWOT ruleset altogether.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5912>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs