[tor-bugs] #5273 [Firefox Patch Issues]: Update TBB design doc for 2.3.x

[Tor Bug Tracker & Wiki]

#5273: Update TBB design doc for 2.3.x
----------------------------------+-----------------------------------------
 Reporter:  mikeperry             |          Owner:  mikeperry                    
     Type:  defect                |         Status:  needs_review                 
 Priority:  major                 |      Milestone:  TorBrowserBundle 2.3.x-stable
Component:  Firefox Patch Issues  |        Version:                               
 Keywords:  MikePerry201302d      |         Parent:                               
   Points:                        |   Actualpoints:  16                           
----------------------------------+-----------------------------------------

Comment(by gk):

 Replying to [comment:40 mikeperry]:
 > gk: Ok, most of your comments should be reflected in the design doc. I
 did not remove the paragraphs you suggested, but I did change the wording
 a bit and remove the use of SHOULD and MUST.

 That's fine IMO. The only thing I am not happy with here is that disabling
 extensions is only mentioned in 2.3.4, an informational section. I mean,
 extensions are basically as powerful as plugins and especially 3rd party
 extensions (i.e. extensions installed by some crappy software as a
 byproduct) caused Mozilla a lot of trouble as they were not seldom
 malicious wrt the privacy/security of users. Why not adding a special
 point at least in section 4.1. explaining that all system-wide/3rd party
 extensions MUST be disabled as long as the user did not allow them as they
 can easily bypass proxy settings creating e.g UDP sockets? Depending on
 how they are programmed (see the contentaccessible flag, for instance)
 extensions might as well contribute to cross-origin linkability...

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5273#comment:44>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online