[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #5273 [Firefox Patch Issues]: Update TBB design doc for 2.3.x
#5273: Update TBB design doc for 2.3.x
----------------------------------+-----------------------------------------
Reporter: mikeperry | Owner: mikeperry
Type: defect | Status: needs_review
Priority: major | Milestone: TorBrowserBundle 2.3.x-stable
Component: Firefox Patch Issues | Version:
Keywords: MikePerry201302d | Parent:
Points: | Actualpoints: 16
----------------------------------+-----------------------------------------
Comment(by gk):
Replying to [comment:40 mikeperry]:
> gk: Ok, most of your comments should be reflected in the design doc. I
did not remove the paragraphs you suggested, but I did change the wording
a bit and remove the use of SHOULD and MUST.
That's fine IMO. The only thing I am not happy with here is that disabling
extensions is only mentioned in 2.3.4, an informational section. I mean,
extensions are basically as powerful as plugins and especially 3rd party
extensions (i.e. extensions installed by some crappy software as a
byproduct) caused Mozilla a lot of trouble as they were not seldom
malicious wrt the privacy/security of users. Why not adding a special
point at least in section 4.1. explaining that all system-wide/3rd party
extensions MUST be disabled as long as the user did not allow them as they
can easily bypass proxy settings creating e.g UDP sockets? Depending on
how they are programmed (see the contentaccessible flag, for instance)
extensions might as well contribute to cross-origin linkability...
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5273#comment:44>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs