[tor-bugs] #8774 [EFF-HTTPS Everywhere]: Disable mixed content rulesets on FF 23+
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jul 23 07:00:54 UTC 2013
#8774: Disable mixed content rulesets on FF 23+
----------------------------------+-----------------------------------------
Reporter: pde | Owner: micahlee
Type: defect | Status: assigned
Priority: critical | Milestone: HTTPS-E 4.0dev8
Component: EFF-HTTPS Everywhere | Version:
Keywords: | Parent: #6975
Points: | Actualpoints:
----------------------------------+-----------------------------------------
Comment(by mikeperry):
Please make sure it is easy to re-enable these rules. I am going to
disable MCB in the 24-ESR based TBB until I have time to fix the MCB
implementation and its bugs (including the nsIContentPolicy security
issues not related to HTTPS-Everywhere, of which there are several).
Also note that in the meantime, if we leave MCB enabled for stock Firefox
HTTPS-Everywhere users, ruleset authors will try to write rules that fail
for opaque and hard-to-diagnose reasons (due to nsIContentPolicy issues).
This will undoubtedly discourage that volunteer community, and may lead
new volunteers to conclude our software is simply broken.
I really think we're letting Mozilla force us to shoot off our own foot
with this MCB stuff (or at least outsource their dev workload on MCB to
us), and it seems to be entirely because they've discovered that it
matters more to us that MCB is done correctly and securely than it matters
to them :/.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8774#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list