[tbb-bugs] #29957 [Applications/Tor Browser]: clicking on "click to play" media leaks URLs via NoScript on-disk preferences

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Apr 10 10:27:33 UTC 2019


#29957: clicking on "click to play" media leaks URLs via NoScript on-disk
preferences
-------------------------------------------------+-------------------------
 Reporter:  catalyst                             |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:
                                                 |  needs_information
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-disk-leak, tbb-newnym, noscript  |  Actual Points:
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by gk):

 * cc: m1 (added)
 * keywords:  tbb-disk-leak, tbb-newnym => tbb-disk-leak, tbb-newnym,
               noscript


Comment:

 Okay, thanks for those steps that helped me a lot. Giorgio: given that
 this violates assumptions about Private Browsing Mode (PBM) usage (There
 should not be leaked any information about web browsing to disk in that
 mode let alone possibly problematic URLs) is there a way for NoScript to
 actually adhere to the PBM rules the user/Tor Browser has intentionally
 enabled? Like saving the exceptions in memory and only there if in PBM? It
 seems to me there is no reason to save them to disk in that case.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29957#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list