[tbb-bugs] #28873 [Applications/Tor Browser]: Cascading of permissions does not seem to work properly in Tor Browser 8

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Dec 17 12:21:16 UTC 2018


#28873: Cascading of permissions does not seem to work properly in Tor Browser 8
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:
                                                 |  reopened
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  noscript, tbb-security, tbb-         |  Actual Points:
  torbutton, tbb-8.0-issues, tbb-regression,     |
  TorBrowserTeam201812                           |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by boklm):

 It seems that an http page loading javascript with https using `<script
 src="https://.../">` is correctly blocked. What is not blocked is an https
 iframe containing scripts, inside an http page.

 This can be checked with:
 http://test-data.tbb.mars-attacks.org/noscript/https_iframe.html

 (for the test to work you first need to visit the https version of the
 page to add an exception for the self-signed certificate: ​https://test-
 data.tbb.mars-attacks.org/noscript/https_iframe.html)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28873#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list