[tor-bugs] #5477 [EFF-HTTPS Everywhere]: Surprising DOM origins before HTTPS-E/NoScript redirects have completed
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Tue Apr 17 23:30:16 UTC 2012
#5477: Surprising DOM origins before HTTPS-E/NoScript redirects have completed
------------------------------------------------------+---------------------
Reporter: Drugoy | Owner: ma1
Type: defect | Status: needs_review
Priority: major | Milestone:
Component: EFF-HTTPS Everywhere | Version:
Keywords: address spoofing, critical vulnerability | Parent:
Points: | Actualpoints:
------------------------------------------------------+---------------------
Changes (by ma1):
* status: accepted => needs_review
Comment:
Mike, could you please apply *both* those patches in sequence (or just
merge the ChannelReplacement.js file from a NoScript 2.3.7 inside
IOUtil.js turning Cc/Ci into CC/CI) and check if everything works as
expected?
What I could check is that the bug doesn't happen and the frame's URL gets
swapped from http to https as expected, but I can't tell for sure the
merge doesn't break other stuff of yours.
Hope it helps.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5477#comment:17>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list