[tbb-bugs] #21685 [Applications/Tor Browser]: Remote New Tab pages have access to internal browser APIs in Firefox 52
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Mar 8 14:11:08 UTC 2017
#21685: Remote New Tab pages have access to internal browser APIs in Firefox 52
-------------------------------------+-------------------------------------
Reporter: gk | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor | Version:
Browser | Keywords: ff52-esr, tbb-7.0-must,
Severity: Normal | TorBrowserTeam201703
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: Sponsor4 |
-------------------------------------+-------------------------------------
It is possible that remote New Tab pages have access to internal browser
APIs in Firefox 52.
PreviewProvider Messaging API
(https://bugzilla.mozilla.org/show_bug.cgi?id=1239119),
NewTabPrefsProvider Messaging API
(https://bugzilla.mozilla.org/show_bug.cgi?id=1239118), and
PlacesProvider Messaging API
(https://bugzilla.mozilla.org/show_bug.cgi?id=1239116)
are relevant. The content signature service
(https://bugzilla.mozilla.org/show_bug.cgi?id=1252882) is important in
this picture, too.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21685>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list