[tor-bugs] #722 [Torbutton]: Extension should not override nsSessionStore.js
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Aug 27 03:23:36 UTC 2015
#722: Extension should not override nsSessionStore.js
---------------------------+--------------------
Reporter: yosh | Owner:
Type: defect | Status: closed
Priority: trivial | Milestone:
Component: Torbutton | Version: 1.1
Resolution: fixed | Keywords:
Actual Points: | Parent ID:
Points: |
---------------------------+--------------------
Changes (by saint):
* cc: saint (added)
* status: new => closed
* resolution: None => fixed
Old description:
> The extension currently replaces nsSessionStore.js with its own copy.
> This is bad for many reasons:
>
> 1) It's currently the FF2 version, even when running on FF3. This breaks
> both the browser features that depend on functionality only available in
> FF3's session store, as well as any extension that depends on that
> functionality.
> 2) Even if it's synced up with the FF3 version, it's still bad, because
> if there is a security issue in nsSessionStore.js fixed in a point
> release for FF3, users of this extension will still be vulnerable until
> it is resynced in a new release, which could take a while.
>
> Please find another way to do what you want to do without forking the
> component.
>
> [Automatically added by flyspray2trac: Operating System: All]
New description:
The extension currently replaces nsSessionStore.js with its own copy. This
is bad for many reasons:
1) It's currently the FF2 version, even when running on FF3. This breaks
both the browser features that depend on functionality only available in
FF3's session store, as well as any extension that depends on that
functionality.
2) Even if it's synced up with the FF3 version, it's still bad, because if
there is a security issue in nsSessionStore.js fixed in a point release
for FF3, users of this extension will still be vulnerable until it is
resynced in a new release, which could take a while.
Please find another way to do what you want to do without forking the
component.
[Automatically added by flyspray2trac: Operating System: All]
--
Comment:
This has been fixed upstream by Mozilla, and the calls are now published
here: https://developer.mozilla.org/en-
US/docs/Observer_Notifications#Session_Store
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/722#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list