[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #22809 [- Select a component]: Tor Browser does not provide red security warning for downloading executable in HTTP



#22809: Tor Browser does not provide red security warning for downloading
executable in HTTP
--------------------------------------+-----------------
     Reporter:  naif                  |      Owner:
         Type:  defect                |     Status:  new
     Priority:  Medium                |  Milestone:
    Component:  - Select a component  |    Version:
     Severity:  Normal                |   Keywords:
Actual Points:                        |  Parent ID:
       Points:                        |   Reviewer:
      Sponsor:                        |
--------------------------------------+-----------------
 This ticket is to enhance Tor Browser that today does not provide red
 security warning for downloading executable in HTTP in clear text that can
 be easy subject to MITM attacks.

 Actually there's a ticket sitting on Mozilla Firefox to implement exactly
 that https://bugzilla.mozilla.org/show_bug.cgi?id=1303739 .

 The very same should apply for mixed content where from an HTTPS website
 there's download of executable from an HTTP resource.

 Attached the standard warning provided by Firefox that does not explain to
 the end-user how risky is the download of an executable over HTTP in
 clear.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22809>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs