[tbb-bugs] #12430 [Tor Browser]: Disable the jar: protocol for external resources via preference

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Jan 30 15:46:14 UTC 2015


#12430: Disable the jar: protocol for external resources via preference
-------------------------+-------------------------------------------------
     Reporter:  gk       |      Owner:  tbb-team
         Type:           |     Status:  needs_review
  enhancement            |  Milestone:
     Priority:  normal   |    Version:
    Component:  Tor      |   Keywords:  tbb-security, tbb-firefox-patch,
  Browser                |  tbb-isec-report, TorBrowserTeam201501R
   Resolution:           |  Parent ID:  #9387
Actual Points:           |
       Points:           |
-------------------------+-------------------------------------------------

Comment (by gk):

 Replying to [comment:6 mikeperry]:
 > Their patch is here:
 https://github.com/iSECPartners/publications/blob/master/reports/Tor%20Browser%20Bundle/artifacts/network.jar
 .block-remote-files.patch

 Looks good to me. bug_12430 has it applied in a Tor Browser context.

 > They recommended we set this at "Low" (ie by default) in the slider. I
 would be more comfortable setting it at one of the Medium settings, I
 think.

 I agree. bug_9387_12430 in my Torbutton repo binds the pref to the medium-
 low setting.

 There is bug_12430 in my tor-browser-bundle-testsuite repo for a test
 patch, too.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12430#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list