[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #18782 [Tor Browser]: media tab in Page Info can bypass NoScript on Linux if gstreamer is used
#18782: media tab in Page Info can bypass NoScript on Linux if gstreamer is used
-------------------------+--------------------------
Reporter: cypherpunks | Owner: tbb-team
Type: defect | Status: assigned
Priority: Very High | Milestone:
Component: Tor Browser | Version:
Severity: Critical | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------+--------------------------
Comment (by cypherpunks):
I did see #13020, and thank you for addressing.
However, ESR45 won't change the fact that Page Info/Media Preview allows
things that seemingly should be disabled via internal settings; that part
of Firefox may not be affected by the same controls as other parts of the
browser.
As for chrome vs. content and NoScript's focus, ok. But did you miss the
part about Media Preview running a music player even though javascript was
turned off completely in about:config? I'm pretty sure the content wasn't
php.
Anyway, new bug filed at #18829.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18782#comment:20>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs