[tbb-dev] Firefox/NoScript bug with major downstream effects

Erik Moeller erik at freedom.press
Thu Mar 7 18:55:02 UTC 2019

On 3/6/19 11:16 PM, Georg Koppen wrote:
> Thanks for doing so. Would it be helpful if we just disabled the XSS
> protection in the coming release (it causes other issues like #29647 and
> we have a bug treating "allow/deny always" cases (#29646) properly, so
> the motivation to do so is kind of independent of your bug)?
Thanks for the quick response!

Yes, that would be very helpful; the impact of this bug appears to be
widespread and severe, and it's very difficult for users and devs to
understand why it is occurring and how they can work around it.

If the root cause is indeed an upstream Firefox bug, perhaps the balance
will shift again in favor of enabling the feature by default, once that
bug is resolved.

If you do decide to disable this preference, can you already anticipate
when that update would likely reach users?

Thank you once again for your help with this. :)


Principal Project Manager
Freedom of the Press Foundation

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tbb-dev/attachments/20190307/8ed04f95/attachment.sig>

More information about the tbb-dev mailing list