[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Self-deleting scripts in http connections

To: tor-talk mailing list <tor-talk@xxxxxxxxxxxxxxxxxxxx>
Subject: [tor-talk] Self-deleting scripts in http connections
From: Rythyrix <durindals917@xxxxxxxxx>
Date: Fri, 2 Dec 2016 20:47:11 -0800
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 02 Dec 2016 23:48:01 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=to:from:subject:message-id:date:user-agent:mime-version :content-transfer-encoding; bh=54SvMVEaRfJuc1UNHFR9MmO/Ap6nJg/qPbKDZV/Fc9o=; b=aDN97aK04659p3IIE+ESK3oug8G9pYBhRGWv7C54mP69oY7vvkv86rlNTsL9Jx6r8l cZhKCOULRHFUYt8vjPReQdUnO8OVGGbl2yNeoiqItNMtnyc/1tj998sMGRZoekN64wo9 U0kItj0JWMPNXrlRbKenXmGHC1JCZYaWGRTGAHHMOzLW3vDZBFzVe48/J0CMpoEnJqoM iYmUDWtikqGs1D8GR8UOKfD9/Bno2Hl3c05feJ7UxhY2K+xdQVgvoTG1nn4S3fC7luMw LhIm2gGu7r7SpBjzu/S62Js+Y68TjJ7OBbSfJKn7W5zwWkckGBv/4UelPxZrGnwsTT+k tzvA==
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.5.1

Greetings, all.

Recently, as I was browsing over to coppersurfer dot tk , I on a whimopened up Firefox's Element Inspector (right click -> Inspect Element(Q)) . Imagine my surprise when I find a script before the title tag.(see pastebin HNqsDsq2 for sourcedump).

Given that I have NoScript, I needed to test it. Restarting with addonsdisabled made the script not appear by the time I managed to open theElement Inspector again. Given that Tor is based on Firefox, the abilityfor a site to remotely delete a script from a client browser isworrying. Is anyone willing to double check that this happens to morethan just myself?


A concerned netizen.

(I don't want to post hyperlinks, lack of accidental clicks that way.)

--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Self-deleting scripts in http connections
  - From: Jonathan Marquardt

Prev by Author: Re: [tor-talk] Not comfortable with the new single-hop system merged into Tor
Next by Author: Re: [tor-talk] Self-deleting scripts in http connections
Previous by thread: Re: [tor-talk] Hacker and Tor
Next by thread: Re: [tor-talk] Self-deleting scripts in http connections
Index(es):
- Author
- Thread