[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #30396 [Applications/Tor Browser]: Re-enable NoScript after Mozilla bug #1549078
#30396: Re-enable NoScript after Mozilla bug #1549078
-------------------------+------------------------------------------
Reporter: cypherpunks | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Component: Applications/Tor Browser
Version: | Severity: Normal
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------+------------------------------------------
URGENT!
Saturday, May 4, 2019
TBB 8.0.8
NoScript 10.6.1
Summary:
The NoScript add-on was automatically disabled in the background and
removed from the toolbar without user intervention. Mozilla is rolling out
a fix for Desktop using the Studies system, but Mozilla studies are
disabled in Tor Browser. They don't have a fix yet for Android.
Description:
I had one tab open to google.com search results on Safer. A yellow banner
showed up across the top of the page inside the tab.
"One or more installed add-ons cannot be verified and have been disabled.
[Learn More] X"
The Add-ons tab (about:addons) says:
"Missing something? Some extensions are no longer supported by Tor
Browser. [Show legacy extensions]"
Which opens:
"Legacy Extensions
These extensions do not meet current Tor Browser standards so they have
been deactivated.
NoScript could not be verified for use in Tor Browser and has been
disabled. [More Information]"
https://framapic.org/3VdmyRwMaTTa/ysUgJsZGrTB9.png
"More Information" goes to this Mozilla page implying the add-on is not
signed (scary and false):
https://support.mozilla.org/en-US/kb/add-on-signing-in-firefox
A banner on that page says:
We rolled out a hotfix that re-enables affected add-ons. The fix will be
automatically applied in the background within the next few hours. For
more details, please check out the update at https://support.mozilla.org
/en-US/kb/add-ons-failing-install-firefox
That page basically says there was a major fuck-up by a centralized
Mozilla signing update and that a patch fix will be applied unless Studies
are disabled in the browser. Mozilla studies are disabled in Tor Browser,
so we were hit with an unintentional attack and are blocked by default
from repair. It's a hole for administrative exploitation.
https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-
firefox/
https://bugzilla.mozilla.org/show_bug.cgi?id=1549078
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30396>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs