[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #29646 [Applications/Tor Browser]: NoScript XSS user choices are persisted

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #29646 [Applications/Tor Browser]: NoScript XSS user choices are persisted
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Wed, 06 Mar 2019 08:12:59 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 06 Mar 2019 03:13:11 -0500
In-reply-to: <044.48d20277884088355a9bbac58dcb974f@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <044.48d20277884088355a9bbac58dcb974f@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#29646: NoScript XSS user choices are persisted
-------------------------------------------------+-------------------------
 Reporter:  atac                                 |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:  new
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-disk-leak xss noscriptm tbb-     |  Actual Points:
  newnym                                         |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by gk):

 * keywords:  tbb-disk-leak xss noscript => tbb-disk-leak xss noscriptm tbb-
     newnym


Comment:

 One could actually argue that it's exactly behaving as expected: You said
 *always*, now you get always (while just simply allowing/blocking would be
 session-wide (Or maybe it's bound to the domain? I have not checked)).

 That persists over New Identity, which is definitely a bug. But I am not
 sure what the best solution for the disk persistence would be. Just not
 offering those two options on the dialog? Or maybe we should just disable
 NoScript's XSS protections altogether given that it causes bugs like
 #29647 and #22362?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29646#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #29646 [Applications/Tor Browser]: NoScript XSS user choices are persisted
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #25642 [Webpages/Website]: translation of torproject.org
Next by Author: Re: [tor-bugs] #21003 [Core Tor/Tor]: extend_info_describe should list IPv6 address (if present)
Previous by thread: [tor-bugs] #29646 [Applications/Tor Browser]: NoScript XSS user choices are persisted
Next by thread: [tor-bugs] #29647 [Applications/Tor Browser]: Browser freezing due to NoScript XSS protection
Index(es):
- Author
- Thread