[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #20123 [Applications/Tor Browser]: consider blocking remote jar files at Low Security

Subject: [tor-bugs] #20123 [Applications/Tor Browser]: consider blocking remote jar files at Low Security
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Fri, 09 Sep 2016 18:51:00 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 09 Sep 2016 14:51:11 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#20123: consider blocking remote jar files at Low Security
------------------------------------------+----------------------
     Reporter:  arthuredelstein           |      Owner:  tbb-team
         Type:  defect                    |     Status:  new
     Priority:  Medium                    |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Normal                    |   Keywords:
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
------------------------------------------+----------------------
 Mozilla recently blocked remote jar files by default:

 https://bugzilla.mozilla.org/show_bug.cgi?id=1215235

 Then they had to re-enable the remote jar files again in the release,
 because users of IBM iNotes (some sort of webmail thing) ran into an
 incompatibility.

 https://bugzilla.mozilla.org/show_bug.cgi?id=1255139

 In any case, Mozilla's intention is to block by default again in the
 future. So when that happens, if not sooner, we should ensure that our
 security slider is not re-enabling remote jar files at Low Security.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20123>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #20123 [Applications/Tor Browser]: consider blocking remote jar files at Low Security
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #20123 [Applications/Tor Browser]: consider blocking remote jar files at Low Security
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #20123 [Applications/Tor Browser]: consider blocking remote jar files at Low Security
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #20123 [Applications/Tor Browser]: consider blocking remote jar files at Low Security
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #20123 [Applications/Tor Browser]: consider blocking remote jar files at Low Security
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #19728 [Core Tor/Tor]: Pick, and deploy, a new bridge authority
Next by Author: Re: [tor-bugs] #19947 [Core Tor/Tor]: NULL %s in fmt string (dir_server_new() - routerlist.c)
Previous by thread: Re: [tor-bugs] #1922 [Core Tor/Tor]: torrc.d-style configuration directories
Next by thread: Re: [tor-bugs] #20123 [Applications/Tor Browser]: consider blocking remote jar files at Low Security
Index(es):
- Author
- Thread