[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #5477 [EFF-HTTPS Everywhere]: Surprising DOM origins before HTTPS-E/NoScript redirects have completed

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #5477 [EFF-HTTPS Everywhere]: Surprising DOM origins before HTTPS-E/NoScript redirects have completed
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Fri, 20 Apr 2012 08:43:33 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 20 Apr 2012 04:43:47 -0400
In-reply-to: <046.ae2ee838b13caea9348aa964fae75ba1@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bug tracker status mails <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <046.ae2ee838b13caea9348aa964fae75ba1@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#5477: Surprising DOM origins before HTTPS-E/NoScript redirects have completed
------------------------------------------------------+---------------------
 Reporter:  Drugoy                                    |          Owner:  ma1           
     Type:  defect                                    |         Status:  needs_revision
 Priority:  major                                     |      Milestone:                
Component:  EFF-HTTPS Everywhere                      |        Version:                
 Keywords:  address spoofing, critical vulnerability  |         Parent:                
   Points:                                            |   Actualpoints:                
------------------------------------------------------+---------------------

Comment(by ma1):

 @mikeperry:
 The channel/window matching hack is there because some extensions which
 use hidden browsers (usually for prerendering) caused new windows to be
 spawned instead of frame navigations and similar unpleasant issues. As you
 can see, my noscript-merge.sh bash script attached above takes care of
 replacing the ABE dependency with equivalent self-contained code.

 @pde:
 Sorry, I have to rejected your patch ;)
 The ClassID in my code is correct (__without__ the trailing ";1"), but
 it's there for Fx 3.x legacy compatibility: Safe Browsing needed to be
 invoked explicitly that way in Gecko 1.9.1, now (Gecko >= 2) it's
 hardcoded and the component is gone.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5477#comment:26>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #5653 [Tor Client]: geoip and " "ExitNodes"
Next by Author: [tor-bugs] #5654 [ttdnsd]: ttdnsd has concurrency issues
Previous by thread: Re: [tor-bugs] #5477 [EFF-HTTPS Everywhere]: Surprising DOM origins before HTTPS-E/NoScript redirects have completed
Next by thread: Re: [tor-bugs] #5477 [EFF-HTTPS Everywhere]: Surprising DOM origins before HTTPS-E/NoScript redirects have completed
Index(es):
- Author
- Thread