[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #19508 [Applications/Tor Browser]: Proposal to drop Tor Browser's plugin patches
#19508: Proposal to drop Tor Browser's plugin patches
------------------------------------------+--------------------------------
Reporter: arthuredelstein | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Keywords:
Actual Points: | TorBrowserTeam201606
Points: | Parent ID:
Sponsor: | Reviewer:
------------------------------------------+--------------------------------
Tor Browser has three patches related to blocking plugins:
* #3547 adds a function that whitelists the flash plugin only and excludes
loading all other plugins
* #8312 hides the link to "Manage plugins" when the plugin is disabled
* #10280 adds a UI for enabling/disabling plugins in the add-ons page
These patches were introduced when Flash was still in fairly wide use. But
since then, Flash has been disabled by default in Firefox, and is replaced
on a substantial number of websites by HTML5 video and JavaScript.
Furthermore, we want to strongly discourage users from using Flash as
there is a significant risk that it will bypass the proxy or expose the
user to tracking or security vulnerabilities.
First, from what I can see, when the pref `plugin.disable` is set to true
(as it is in `browser/app/profile/000-tor-browser.js`), all plugins
(including Flash) are blocked from ever loading into the Firefox process.
Therefore the code in our #3547 is never exercised.
Second, #10280 only makes it more likely for the user to set
"plugin.disable" to false, by exposing that pref in the UI.
Finally, #8312 seems unnecessary because, when "plugin.disable" is true,
no "Manage plugins" link appears. Instead, the only message is "A plugin
is needed to display this content." Also, various popular video sites,
such as YouTube and Vimeo, now use HTML5 video without any complaints
about missing Flash.
So I would suggest we can drop these three patches. Instead we might
consider a couple of UI tweaks to improve user safety:
1. Hide the Plugins section of about:addons altogether to prevent the user
from even considering loading any plugins
2. Change the plugin failure message to "A plugin would be needed to
display this content. For security reasons, Tor Browser does not support
plugins."
I think both of these changes could be implemented as XUL overlays in
torbutton.
Finally, for extra safety, we could add an extra C++ patch that ensures
that whenever an nsPluginsDir::LoadPlugin implementation is called, the
"plugin.disabled" pref is checked and, if it is true, the function loads
nothing and returns an error code. I think such a patch might be
upstreamable.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19508>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs