[tbb-bugs] #30624 [Applications/Tor Browser]: Disable NoScript's XSS protection to avoid the whole computer freezing

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun May 26 07:39:19 UTC 2019

#30624: Disable NoScript's XSS protection to avoid the whole computer freezing
 Reporter:  gk                                   |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:  new
 Priority:  Very High                            |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  TorBrowserTeam201905,                |  Actual Points:
  GeorgKoppen201905                              |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:

Comment (by ma1):

 NVM, I managed to reproduce. It freezes the browser for a few seconds on
 8.5 (where browser.webextensions.remote is false) while the firefox.real
 process gets 100% CPU.
 What's more annoying, it appears to affect more than just the browser on
 my Ubuntu box if I turn browser.webextensions.remote to true, which is
 counterintuitive (the extension should be doing its thing in its own
 process while the facebook HTTP subrequest is suspended) but might be due
 to some kind of IPC bug: this time nothing really freeze, but again for a
 few seconds other application become sluggish as well while a
 WebExtensions process takes 100% CPU.
 Do Tor Browser 9.0 have browser.webextensions.remote set to false or true?
 Either way, since it's already executed asyncronously, I wanna try
 breaking the main InjectionChecker loop into time-capped chunks (e.g.
 100ms max) which give the CPU back periodically on these very costly to
 analyze payload, and possibly (but it might not be necessary) move the
 whole in a dedicated worker.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30624#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list