[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Torbutton 1.1.13-alpha released



Version 1.1.13 of the development series of the Torbutton Firefox
Extension has been released at https://torbutton.torproject.org/dev/

This release features a couple of important security fixes to work
around two Firefox bugs. Firefox bug 409737 allows pages to still
execute some javascript after Tor has been toggled, and Firefox bug
401296 allows plugins to be loaded via direct links and
meta-refreshes.

Here is the complete changelog:
 * bugfix: Implement workarounds to disable Javascript network access 
   for Firefox Bug 409737
 * bugfix: Improved plugin-disabling workarounds for Firefox Bug
   401296 
 * misc: Set network.protocol-handler.warn-external.* to warn on
   external app handlers during Tor usage
 * misc: Disable browser.safebrowsing.enabled during Tor usage since
   it retrieves some information in plaintext.
 * misc: Disable browser.send_pings.
 * misc: Block Javascript back/forward manipulation if Tor is enabled
 * new: Option to clear HTTP auth on Tor toggle

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs

Attachment: pgpHLmNwQHMAE.pgp
Description: PGP signature