[tbb-bugs] #22981 [Applications/Tor Browser]: Don't block audio/video on https sites under Medium Security

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Jul 30 06:56:03 UTC 2017


#22981: Don't block audio/video on https sites under Medium Security
-------------------------------------------------+-------------------------
 Reporter:  arthuredelstein                      |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:  new
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-usability, tbb-security-slider,  |  Actual Points:
  ux-team                                        |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by arthuredelstein):

 One other potentially useful comparison is the threat of exploits via
 content JS (non-JITed) vs the threat from video (and audio). Skimming
 through [https://www.cvedetails.com/product/3264/Mozilla-
 Firefox.html?vendor_id=452 Firefox's list of historical vulnerabilities]
 gives me the impression that the threat from scripts is higher than that
 from video. (Please correct me if I'm somehow getting the wrong
 impression.) A higher risk from scripts also appeals to my intuition,
 given that the C++ codebase exercised by Web APIs is pretty huge.

 If it's true that scripts pose a greater threat than video, the benefit of
 blocking videos while allowing scripts seems not so compelling.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22981#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list