[tor-bugs] #8774 [EFF-HTTPS Everywhere]: Disable mixed content rulesets on FF 23+
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri May 24 02:31:39 UTC 2013
#8774: Disable mixed content rulesets on FF 23+
----------------------------------+-----------------------------------------
Reporter: pde | Owner: pde
Type: defect | Status: new
Priority: critical | Milestone: HTTPS-E 4.0dev8
Component: EFF-HTTPS Everywhere | Version:
Keywords: | Parent: #6975
Points: | Actualpoints:
----------------------------------+-----------------------------------------
Changes (by briansmith):
* cc: brian@… (added)
Comment:
pde: One of the next steps for the mixed content blocker for Firefox
should be to prevent addons from introducing mixed (active) content into a
page and/or disabling the mixed content blocking on any page. (See Mozilla
bugs 875606 and bug 875607.) Mixed active content is a serious security
concern for the affected site and I don't think that users would expect
addons--especially important security-enhancing tools like HTTPS
Everywhere--to add security vulnerabilities to any site. It is somewhat of
a judgement call as to whether mixed content is worse than less/no HTTPS.
As far as I'm concerned, the best thing for HTTPS Everywhere in Firefox to
do--even long term--is to simply disable all the rules that cause mixed
content situations. And, I think that Firefox should (eventually) make
things like "disable mixed content blocking if the only reason mixed
content happened was because of addon" impossible in any case.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8774#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list