[tbb-bugs] #18782 [Tor Browser]: media tab in Page Info can bypass NoScript on Linux if gstreamer is used
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Apr 15 10:21:35 UTC 2016
#18782: media tab in Page Info can bypass NoScript on Linux if gstreamer is used
-------------------------+--------------------------
Reporter: cypherpunks | Owner: tbb-team
Type: defect | Status: assigned
Priority: Very High | Milestone:
Component: Tor Browser | Version:
Severity: Critical | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------+--------------------------
Comment (by cypherpunks):
Replying to [comment:20 cypherpunks]:
> As for chrome vs. content and NoScript's focus, ok. But did you miss the
part about Media Preview running a music player
I did not. You don't seem to understand how that works.
The element is an HTML5 audio, that's Firefox player. You can read the
source for said player if you look in Firefox's source tree.
> even though javascript was turned off completely in about:config?
News flash: a huge part of Firefox is written in javascript. The
about:config preference only disables it in content contexts, disabling
everywhere would make the browser stop working.
> I'm pretty sure the content wasn't php.
No idea what you're trying to say here.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18782#comment:21>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list