Version 1.1.13 of the development series of the Torbutton Firefox Extension has been released at https://torbutton.torproject.org/dev/ This release features a couple of important security fixes to work around two Firefox bugs. Firefox bug 409737 allows pages to still execute some javascript after Tor has been toggled, and Firefox bug 401296 allows plugins to be loaded via direct links and meta-refreshes. Here is the complete changelog: * bugfix: Implement workarounds to disable Javascript network access for Firefox Bug 409737 * bugfix: Improved plugin-disabling workarounds for Firefox Bug 401296 * misc: Set network.protocol-handler.warn-external.* to warn on external app handlers during Tor usage * misc: Disable browser.safebrowsing.enabled during Tor usage since it retrieves some information in plaintext. * misc: Disable browser.send_pings. * misc: Block Javascript back/forward manipulation if Tor is enabled * new: Option to clear HTTP auth on Tor toggle -- Mike Perry Mad Computer Scientist fscked.org evil labs
Attachment:
pgpHLmNwQHMAE.pgp
Description: PGP signature