[tor-bugs] #10729 [Firefox Patch Issues]: Torbrowser shouldn't load flash into the process space by default

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Jun 1 18:28:00 UTC 2014


#10729: Torbrowser shouldn't load flash into the process space by default
-------------------------------------+-------------------------------------
     Reporter:  mikeperry            |      Owner:  mikeperry
         Type:  enhancement          |     Status:  new
     Priority:  normal               |  Milestone:
    Component:  Firefox Patch        |    Version:
  Issues                             |   Keywords:  extdev-interview,
   Resolution:                       |  interview
Actual Points:                       |  Parent ID:
       Points:                       |
-------------------------------------+-------------------------------------

Comment (by cypherpunks):

 > Perhaps bob can explain the specific issue with flash in this ticket.
 Many sites don't allow viewing video content if Flash player is not
 installed. YouTube also doesn't always allow seeing it through `html5`. If
 you install Flash in Debian, it goes as a separate `deb` package, which will
 be automatically recognized by all Firefox instances running on your
 operating system, no matter which user (for TBB and anonymity or any
 other) you are using.

 For instance, in my case I have a separate system user which is used only to
 view Flash videos from the web. I also have an anonymous system user which I
 use only to run Tor Browser Bundle. In this case I appreciate that Flash
 works in the first case, but I don't like it to be run under the second user.

 There is a [https://bugzilla.mozilla.org/show_bug.cgi?id=822177 ticket]
 which creates a vulnerability in the current version of TBB. E.g., I wanted
 to clean my history without closing all tabs (I understand the security
 risks, but for that case it was acceptable). So, I followed: Edit ->
 Preferences & Privacy -> clear all current history. This worked as I wanted,
 but later I found the Flash plugin was running in my anonymous account, in
 TBB! This is because of that ticket.

 JFI: Remember also [https://trac.torproject.org/projects/tor/ticket/10280
 #10280] where a similar issue was discussed.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10729#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

