[tor-bugs] #22809 [Applications/Tor Browser]: Tor Browser does not provide red security warning for downloading executable in HTTP

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jul 5 10:46:00 UTC 2017


#22809: Tor Browser does not provide red security warning for downloading
executable in HTTP
--------------------------------------+--------------------------
 Reporter:  naif                      |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  ux-team                   |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by naif):

 Afaik I've been told that Firefox UX team is very busy with the new major
 releases, so they will not be going to work on it soon.

 A good patch on Firefox from Tor Project would probably be the fastest
 solution, that could in turn go back to Firefox as "ready made" .

 As per definitions of exe or rpm or tarballs, we could probably define
 "any installer file that can be executed on the target machine" and that
 could be a list of content-type and extensions.

 That's something I'm going to bid and look forward to support financially
 and functionally for the implementation as I'm finding out that there are
 too many software being delivered over HTTP, target of malware infection
 appliance, and the only way to work around it is to have browser to warn
 or block that downloads (probably doing a sort of "securethe.news" but for
 software distribution security).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22809#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list