[tbb-bugs] #29969 [Applications/Tor Browser]: Drag-and-drop search causes NoScript XSS warning

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu May 23 07:10:19 UTC 2019

#29969: Drag-and-drop search causes NoScript XSS warning
 Reporter:  cypherpunks                     |          Owner:  tbb-team
     Type:  defect                          |         Status:  new
 Priority:  Medium                          |      Milestone:
Component:  Applications/Tor Browser        |        Version:
 Severity:  Normal                          |     Resolution:
 Keywords:  noscript, TorBrowserTeam201905  |  Actual Points:
Parent ID:                                  |         Points:
 Reviewer:                                  |        Sponsor:

Comment (by gk):

 Replying to [comment:8 ma1]:
 > Replying to [comment:7 gk]:
 > > Yes, that's perfectly fine, thanks.
 > Sorry, I'm confused: did you already release yesterday after all?
 > Which buildID should I look for the fix? >= "20190416010130" (per
 https://bugzilla.mozilla.org/show_bug.cgi?id=1532530#c19 ) or something
 else (the 8.5 I've just been updated to has buildID="20190307010101")?
 > And I've just noticed https://developer.mozilla.org/en-US/docs/Mozilla
 /Add-ons/WebExtensions/API/runtime/getBrowserInfo now exposes an
 isTorBrowser info property, apparently because of us (look at the
 "reference" link). Since when (not in 8.5 yet, apparently)?

 We have a different buildID due to our reproducible builds. So, yes 8.5 is
 the one that needs to get out and that got out. The `isTorBrowser`
 property was wrong on MDN. Someone just added that to the wiki. Thanks for
 tjr for correcting that.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29969#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list