[tor-bugs] #5744 [TorBrowserButton]: TBB-Firefox allows style change on mouseover (JS disabled)
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Thu May 3 11:08:56 UTC 2012
#5744: TBB-Firefox allows style change on mouseover (JS disabled)
------------------------------+---------------------------------------------
Reporter: rransom | Owner: mikeperry
Type: defect | Status: new
Priority: normal | Milestone:
Component: TorBrowserButton | Version:
Keywords: | Parent:
Points: | Actualpoints:
------------------------------+---------------------------------------------
Comment(by guiseppe):
Replying to [ticket:5744 rransom]:
> I currently have JS disabled by NoScript (by clicking the ‘Forbid
> Scripts Globally’ option)
So you as an expert and Tor developer have JavaScript disabled by default?
But you recommend (in the official TBB-FAQ) enabling JS to the mass of
average Tor users.
As seen in #5741 disabling JS would prevent or mitigate a lot of privacy
and security invading issues.
Why do you accept this ongoing threat caused by these crazy JS codes?
I mean, it is a nice effort to preserve as much as possible user
experience and normal browsing behavior (according to the TBB design
document). But this trade-off should not lead repeatedly to such security
holes we have seen recently.
Sorry for writing down my thoughts in this ticket, but it was the trigger.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5744#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online