[tbb-bugs] #21923 [Applications/Tor Browser]: Allowing only HTTPS JavaScript on the medium security slider level is broken

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Apr 19 20:32:22 UTC 2017

#21923: Allowing only HTTPS JavaScript on the medium security slider level is
 Reporter:  gk                                   |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:
                                                 |  needs_review
 Priority:  Very High                            |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Critical                             |     Resolution:
 Keywords:  noscript, tbb-usability-website,     |  Actual Points:
  ff52-esr, TorBrowserTeam201704R                |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:

Comment (by cypherpunks):

 Replying to [comment:7 ma1]:
 > Replying to [comment:5 cypherpunks]:
 > > 16:02:59.098 Error: Only restartless (bootstrap) add-ons can be
 installed from sources:
 > > Stack trace:
 > >
 > Where are you installing the XPI from? Did you try from the URL I
 provided you with, or from AMO ( https://addons.mozilla.org/en-
 US/firefox/addon/noscript/versions/beta )?
 Didn't you guess? ;-)
 From your URL it failed with
 1492633619500   addons.xpi      WARN    Download of
 failed: [Exception... "Certificate issuer is not built-in."  nsresult:
 "0x80004004 (NS_ERROR_ABORT)"  location: "JS frame ::
 resource://gre/modules/CertUtils.jsm :: checkCert :: line 171"  data: no]
 Stack trace: checkCert()@resource://gre/modules/CertUtils.jsm:171 <
 From AMO - works.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21923#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list