[tor-bugs] #22974 [Applications/Tor Browser]: NoScript (and Tor Browser) vulnerable to Mozilla Add-On Code Execution
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Aug 21 19:37:13 UTC 2017
#22974: NoScript (and Tor Browser) vulnerable to Mozilla Add-On Code Execution
--------------------------------------+--------------------------
Reporter: tom | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by gk):
Replying to [comment:4 cypherpunks]:
> Replying to [comment:2 gk]:
> > That's the plan. We'll start with HTTPS-Everywhere (hopefully soon,
#10394 is the ticket for that) and do the same with NoScript afterwards.
>
> I'm all for that, but how will you deal with HTTPS-Everywhere ruleset
updates? In many cases, some sites may break with HTTPS-E and have
subsequent ruleset updates that fix them. With one HTTPS-E update
corresponding to a TB release, it would mean that for quiet some time (~2
months) some sites may be broken with TB.
Yes, which is why we did not do that step yet. HTTPS-Everywhere will have
a ruleset updater. Once this is ready we'll stop letting HTTPS-Everywhere
update itself once a new version is out.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22974#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list