[tor-bugs] #8774 [EFF-HTTPS Everywhere]: Disable mixed content rulesets on FF 23+

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Jul 23 07:00:54 UTC 2013

#8774: Disable mixed content rulesets on FF 23+
 Reporter:  pde                   |          Owner:  micahlee       
     Type:  defect                |         Status:  assigned       
 Priority:  critical              |      Milestone:  HTTPS-E 4.0dev8
Component:  EFF-HTTPS Everywhere  |        Version:                 
 Keywords:                        |         Parent:  #6975          
   Points:                        |   Actualpoints:                 

Comment(by mikeperry):

 Please make sure it is easy to re-enable these rules. I am going to
 disable MCB in the 24-ESR based TBB until I have time to fix the MCB
 implementation and its bugs (including the nsIContentPolicy security
 issues not related to HTTPS-Everywhere, of which there are several).

 Also note that in the meantime, if we leave MCB enabled for stock Firefox
 HTTPS-Everywhere users, ruleset authors will try to write rules that fail
 for opaque and hard-to-diagnose reasons (due to nsIContentPolicy issues).
 This will undoubtedly discourage that volunteer community, and may lead
 new volunteers to conclude our software is simply broken.

 I really think we're letting Mozilla force us to shoot off our own foot
 with this MCB stuff (or at least outsource their dev workload on MCB to
 us), and it seems to be entirely because they've discovered that it
 matters more to us that MCB is done correctly and securely than it matters
 to them :/.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8774#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list