[tor-bugs] #11763 [TorBrowserButton]: Double clicking OK button after proxy change disables all security settings

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue May 6 07:04:19 UTC 2014 

#11763: Double clicking OK button after proxy change disables all security settings
------------------------------+---------------------------
 Reporter:  scissors          |          Owner:  mikeperry
     Type:  defect            |         Status:  new
 Priority:  normal            |      Milestone:
Component:  TorBrowserButton  |        Version:
 Keywords:                    |  Actual Points:
Parent ID:                    |         Points:
------------------------------+---------------------------
 Tested on TorBrowser 3.6 Linux and Windows.

 Steps to reproduce bug:
 * Click Torbutton -> Preferences
 * Select Transparent Torification
 * Double click the OK button (to reliably reproduce bug click as many
 times as you can)

 All security settings are now disabled. The "Are you sure you want to
 enable plugins?" warning pop-up will appear (unless plugins were already
 enabled, or you've ticked the 'Never ask me again' box). Opening up
 Torbutton preferences again and looking at the Security Settings tab shows
 that all four are disabled, about:config confirms they are disabled. The
 full list of disabled settings is:
 * block_disk
 * no_tor_plugins
 * resist_fingerprinting
 * resize_new_windows
 * restrict_thirdparty

 The settings remain disabled even after setting the proxy mode back to
 'recommended'. This bug is independent of whether a transparent proxy is
 actually available or not.

 Because the preferences window freezes for up to several seconds after
 pressing OK when Transparent Torification is selected (presumably as the
 remote check is performed), multiple-clicking the OK button is a natural
 reaction. Clearly this bug is a risk as users (especially those with flash
 already enabled/having clicked 'Never ask me again') are unaware that
 these settings are being disabled and they remain disabled until manually
 changed back.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11763>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list