[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #5744 [TorBrowserButton]: TBB-Firefox allows style change on mouseover (JS disabled)
#5744: TBB-Firefox allows style change on mouseover (JS disabled)
---------------------------------+------------------------------------------
Reporter: rransom | Owner: mikeperry
Type: defect | Status: closed
Priority: normal | Milestone:
Component: TorBrowserButton | Version:
Resolution: not a bug | Keywords:
Parent: | Points:
Actualpoints: |
---------------------------------+------------------------------------------
Comment(by mikeperry):
Replying to [comment:1 guiseppe]:
> As seen in #5741 disabling JS would prevent or mitigate a lot of privacy
and security invading issues.
> Why do you accept this ongoing threat caused by these crazy JS codes?
Because normal people can't use the web without JS and won't know why.
Mentats are free to click the "break the web button" if they wish.
> I mean, it is a nice effort to preserve as much as possible user
experience and normal browsing behavior (according to the TBB design
document). But this trade-off should not lead repeatedly to such security
holes we have seen recently.
We're going to adjust our development processes to address this instead.
Specifically, see #3846 and #5790.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5744#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs