[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #28873 [Applications/Tor Browser]: Cascading of permissions does not seem to work properly in Tor Browser 8

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #28873 [Applications/Tor Browser]: Cascading of permissions does not seem to work properly in Tor Browser 8
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 27 Dec 2018 23:22:03 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 02 Jan 2019 23:05:25 -0500
In-reply-to: <042.f490170a76da5e3f4df27ff86c131b6c@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <042.f490170a76da5e3f4df27ff86c131b6c@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#28873: Cascading of permissions does not seem to work properly in Tor Browser 8
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  ma1
     Type:  defect                               |         Status:
                                                 |  needs_information
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  noscript, tbb-security, tbb-         |  Actual Points:
  torbutton, tbb-8.0-issues, tbb-regression,     |
  TorBrowserTeam201812R                          |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by ma1):

 * status:  needs_review => needs_information


Comment:

 An afterthough: some users are complaining that having TRUSTED subframes
 constrained by DEFAULT/UNTRUSTED parent document is annoying, if not
 disfunctional: for instance if you've set Youtube to TRUSTED, embedded
 movies used to work without the need of raising privileges of the parent
 page. One may object that you could always use "show only this frame", but
 do we really have a strong case here for cascading inline restrictions to
 trusted subdocuments? What's the threat model we're guarding against
 (beside clickjacking, which is orthogonal to scripting though)?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28873#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #14453 [Obfuscation/BridgeDB]: Implement statistics gathering for number of Bridges-per-Transport in BridgeDB
Next by Author: Re: [tor-bugs] #29023 [Core Tor/Tor]: prop289: Implement a fast PRNG
Previous by thread: Re: [tor-bugs] #28966 [Core Tor/Tor]: HSv3 client auth insufficiently documented (was: HiddenServiceAuthorizeClient incompatible) (was: HiddenServiceAuthorizeClient incompatible)
Next by thread: Re: [tor-bugs] #28873 [Applications/Tor Browser]: Cascading of permissions does not seem to work properly in Tor Browser 8
Index(es):
- Author
- Thread