[tbb-bugs] #12430 [Tor Browser]: Disable the jar: protocol for external resources via preference
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jan 29 01:48:02 UTC 2015
#12430: Disable the jar: protocol for external resources via preference
-------------------------+-------------------------------------------------
Reporter: gk | Owner: tbb-team
Type: | Status: needs_review
enhancement | Milestone:
Priority: normal | Version:
Component: Tor | Keywords: tbb-security, tbb-firefox-patch,
Browser | tbb-isec-report, TorBrowserTeam201501R
Resolution: | Parent ID: #9387
Actual Points: |
Points: |
-------------------------+-------------------------------------------------
Changes (by mikeperry):
* status: new => needs_review
* keywords: tbb-security, tbb-firefox-patch, tbb-isec-report =>
tbb-security, tbb-firefox-patch, tbb-isec-report,
TorBrowserTeam201501R
* parent: => #9387
Comment:
Their patch is here:
https://github.com/iSECPartners/publications/blob/master/reports/Tor%20Browser%20Bundle/artifacts/network.jar
.block-remote-files.patch
They recommended we set this at "Low" (ie by default) in the slider. I
would be more comfortable setting it at one of the Medium settings, I
think.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12430#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list