[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #21923 [Applications/Tor Browser]: Allowing only HTTPS JavaScript on the medium security slider level is broken
#21923: Allowing only HTTPS JavaScript on the medium security slider level is
broken
-------------------------------------------------+-------------------------
Reporter: gk | Owner: tbb-
| team
Type: defect | Status:
| needs_review
Priority: Very High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Critical | Resolution:
Keywords: noscript, tbb-usability-website, | Actual Points:
ff52-esr, TorBrowserTeam201704R |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by cypherpunks):
Replying to [comment:9 ma1]:
> Replying to [comment:8 cypherpunks]:
>
> > Didn't you guess? ;-)
> > From your URL it failed with [...]
> > From AMO - works.
>
> No, I didn't and couldn't guess: those XPI files are identical (I
sinchronize them as soon as they're signed by AMO) and they both install
fine on a stable Firefox. Weird.
Well, it was 'Temporary load add-on for debugging' feature :)
> But, can you verify the bug reported here is fixed?
Hmm, how to say? Testing revealed:
1. https://check.torproject.org/?lang=en_US now is loading forever with no
success (e10s), or there is OCSP failure (non-e10s).
2. reloading youtube after high->medium gives no svg, etc (not noscript-
related?), second reloading works.
3. video is behind placeholder which allows video/mse, after clicking,
reloading leads to error on video, because audio/mse is blocked (but no
placeholder).
4. seems it was ad video, because after enabling audio/mse from menu,
there is an error again, because video/mse was blocked (but no placeholder
again).
5. strong feeling that that's not all ;)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21923#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs