[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #25147 [Applications/Tor Browser]: Backport of fix shipped in Firefox 58.0.1?

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #25147 [Applications/Tor Browser]: Backport of fix shipped in Firefox 58.0.1?
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Wed, 18 Apr 2018 23:26:25 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 18 Apr 2018 19:26:39 -0400
In-reply-to: <042.61c1b1979d75729e90ecf9d51edaaea9@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <042.61c1b1979d75729e90ecf9d51edaaea9@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#25147: Backport of fix shipped in Firefox 58.0.1?
--------------------------------------+-----------------------------------
 Reporter:  gk                        |          Owner:  pospeselr
     Type:  task                      |         Status:  needs_information
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  TorBrowserTeam201804R     |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+-----------------------------------
Changes (by pospeselr):

 * keywords:  TorBrowserTeam201804 => TorBrowserTeam201804R


Comment:

 So the innerHTML property has been changed such that all existing
 assignments will automatically sanitize the HTML if it's running within
 the system context.  The new UnsafeSetInnerHTML method that has replaced
 some of the innerHTML = X statements is meant to circumvent this check for
 known cases where firefox needs to hand craft some HTML within the system
 context.

 Any issues here with this patch would result in breaking functionality,
 rather than making system context pages less safe.

 I've gone through all the dependent bugs against
 [https://bugzilla.mozilla.org/show_bug.cgi?id=1432966 #1432966] and
 verified they either don't apply or have already been brought down to our
 latest branch ( origin/tor-browser-52.7.3esr-8.0-1 )

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25147#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #25756 [Core Tor/Tor]: I keep getting this error on my relay
Next by Author: Re: [tor-bugs] #25475 [Webpages/Website]: Credits page
Previous by thread: [tor-bugs] #25844 [Core Tor/Chutney]: Ignore DownloadSchedule deprecation warnings in chutney
Next by thread: Re: [tor-bugs] #25147 [Applications/Tor Browser]: Backport of fix shipped in Firefox 58.0.1?
Index(es):
- Author
- Thread