[tor-bugs] #22809 [- Select a component]: Tor Browser does not provide red security warning for downloading executable in HTTP
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jul 4 09:27:28 UTC 2017
#22809: Tor Browser does not provide red security warning for downloading
executable in HTTP
--------------------------------------+-----------------
Reporter: naif | Owner:
Type: defect | Status: new
Priority: Medium | Milestone:
Component: - Select a component | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
--------------------------------------+-----------------
This ticket is to enhance Tor Browser that today does not provide red
security warning for downloading executable in HTTP in clear text that can
be easy subject to MITM attacks.
Actually there's a ticket sitting on Mozilla Firefox to implement exactly
that https://bugzilla.mozilla.org/show_bug.cgi?id=1303739 .
The very same should apply for mixed content where from an HTTPS website
there's download of executable from an HTTP resource.
Attached the standard warning provided by Firefox that does not explain to
the end-user how risky is the download of an executable over HTTP in
clear.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22809>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list