[tbb-bugs] #19210 [Applications/Tor Browser]: NoScript places WebM videos too late behind click-to-play in higher security levels

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Nov 23 08:32:00 UTC 2016


#19210: NoScript places WebM videos too late behind click-to-play in higher
security levels
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:
                                                 |  needs_information
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Major                                |     Resolution:
 Keywords:  tbb-regression, tbb-security-        |  Actual Points:
  slider, tbb-6.0-issues, noscript               |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by gk):

 Replying to [comment:15 ma1]:
 > Therefore you may indeed notice a little delay (the default player
 appears briefly, immediately replaced by the placeholder), but no
 (potentially harmful) stream reaches the (potentially exploitable)
 decoder.

 Not sure what you mean but I hear the talk and see slides on the video for
 a while. So it seems to me there are things that reach the decoder.
 > Are you noticing anything different? If so, how I can reproduce and
 verify what you're observing?

 I am using an alpha Tor Browser (6.5a4) on a Linux machine (Debian
 testing) with NoScript 2.9.5.1. I set the security slider to "medium"
 (click on the green onion -> Security Settings...) which should make
 things click-to-play. Then I am loading the video pointed to in the
 description in a new tab. The result is not different from a pre 2.9.5
 NoScript being used.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19210#comment:17>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list