[tor-bugs] #5273 [Firefox Patch Issues]: Update TBB design doc for 2.3.x
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Mar 15 20:05:34 UTC 2013
#5273: Update TBB design doc for 2.3.x
----------------------------------+-----------------------------------------
Reporter: mikeperry | Owner: mikeperry
Type: defect | Status: needs_review
Priority: major | Milestone: TorBrowserBundle 2.3.x-stable
Component: Firefox Patch Issues | Version:
Keywords: MikePerry201302d | Parent:
Points: | Actualpoints: 16
----------------------------------+-----------------------------------------
Comment(by gk):
Replying to [comment:40 mikeperry]:
> gk: Ok, most of your comments should be reflected in the design doc. I
did not remove the paragraphs you suggested, but I did change the wording
a bit and remove the use of SHOULD and MUST.
That's fine IMO. The only thing I am not happy with here is that disabling
extensions is only mentioned in 2.3.4, an informational section. I mean,
extensions are basically as powerful as plugins and especially 3rd party
extensions (i.e. extensions installed by some crappy software as a
byproduct) caused Mozilla a lot of trouble as they were not seldom
malicious wrt the privacy/security of users. Why not adding a special
point at least in section 4.1. explaining that all system-wide/3rd party
extensions MUST be disabled as long as the user did not allow them as they
can easily bypass proxy settings creating e.g UDP sockets? Depending on
how they are programmed (see the contentaccessible flag, for instance)
extensions might as well contribute to cross-origin linkability...
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5273#comment:44>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list