[tor-bugs] #14851 [Tor Browser]: NoScript update caused permissions pref update
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Feb 11 01:41:43 UTC 2015
#14851: NoScript update caused permissions pref update
-------------------------------------------------+-------------------------
Reporter: mikeperry | Owner: tbb-
Type: defect | team
Priority: normal | Status: new
Component: Tor Browser | Milestone:
Keywords: TorBrowserTeam201502, tbb-disk-leak | Version:
Parent ID: | Actual Points:
| Points:
-------------------------------------------------+-------------------------
If you download Tor Browser 4.0.2 from https://archive.torproject.org/tor-
package-archive/torbrowser/4.0.2/, it comes with an old NoScript. If you
go into the addons UI and update noscript by itself without updating Tor
Browser, NoScript is able to change its defaults. For some reason, it does
not do this upon update from 4.0.2 to 4.0.3.
The pref in question that is concerning is
noscript.volatilePrivatePermissions. We want this to remain true, but
updating noscript caused its new default value to become false.
There are two issues here: First, what is the best way to switch this pref
back to true for our users? Can we simply update our extension-
overrides.js file for this pref for update?
Second, what caused this discrepancy to happen? How do we prevent it in
the future? Now that we have an updater, should we disable updates for
NoScript and HTTPS-Everywhere in 4.5?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14851>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list