[tbb-bugs] #10394 [Applications/Tor Browser]: Torbrowser's updater updates HTTPS-everywhere

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Aug 24 13:31:58 UTC 2016

#10394: Torbrowser's updater updates HTTPS-everywhere
 Reporter:  StrangeCharm              |          Owner:  tbb-team
     Type:  task                      |         Status:  reopened
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  tbb-security              |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:

Comment (by mcs):

 Replying to [comment:7 bugzilla]:
 > mcs, thanks for the clarification. But,
 > > Interim updates are still retrieved from addons.mozilla.org using the
 extension update mechanism
 > No. From EFF.

 Thanks. My mistake.

 > > so users can get updates if desired.
 > What does it mean (desired)? Update Add-ons Automatically is selected by

 It means users do have a way to disable updates if they want to do so. But
 most will keep the default setting.

 > > We use the same approach for NoScript.
 > No. But, maybe, it's better to use the same, because recent updates led
 to 5.2.0 on alpha, 5.1.x on stable and 5.2.1 on AMO.

 There is a policy question here: should we disable updates for bundled
 extensions. By allowing updates from EFF or AMO, we risk that users may
 get a version of an extension that is somehow incompatible with Tor
 Browser. But by allowing updates we ensure that users will have the latest
 (and hopefully most secure) versions of HTTPS-E and NoScript.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10394#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list