[tbb-dev] Firefox/NoScript bug with major downstream effects

Georg Koppen gk at torproject.org
Mon Mar 11 15:12:00 UTC 2019

Erik Moeller:
> On 3/6/19 11:16 PM, Georg Koppen wrote:
>> Thanks for doing so. Would it be helpful if we just disabled the XSS
>> protection in the coming release (it causes other issues like #29647 and
>> we have a bug treating "allow/deny always" cases (#29646) properly, so
>> the motivation to do so is kind of independent of your bug)?
> Thanks for the quick response!
> Yes, that would be very helpful; the impact of this bug appears to be
> widespread and severe, and it's very difficult for users and devs to
> understand why it is occurring and how they can work around it.
> If the root cause is indeed an upstream Firefox bug, perhaps the balance
> will shift again in favor of enabling the feature by default, once that
> bug is resolved.
> If you do decide to disable this preference, can you already anticipate
> when that update would likely reach users?

We could try to squeeze this in into the upcoming release which should
be available for users next Tuesday, March 19, in Tor Browser 8.0.7.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tbb-dev/attachments/20190311/ace52f60/attachment.sig>

More information about the tbb-dev mailing list