[tor-bugs] #22899 [Applications/Tor Browser Sandbox]: `about:addons`'s "Get Addons" pane is unsafe and should be treated as such.

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jul 12 19:17:05 UTC 2017


#22899: `about:addons`'s "Get Addons" pane is unsafe and should be treated as such.
--------------------------------------------------+---------------------
     Reporter:  yawning                           |      Owner:  yawning
         Type:  defect                            |     Status:  new
     Priority:  Medium                            |  Milestone:
    Component:  Applications/Tor Browser Sandbox  |    Version:
     Severity:  Normal                            |   Keywords:
Actual Points:                                    |  Parent ID:
       Points:                                    |   Reviewer:
      Sponsor:                                    |
--------------------------------------------------+---------------------
 https://github.com/mozilla/addons-frontend/issues/2785

 > Right now the about:addons page loads an iFrame with content hosted on a
 Mozilla
 > website ("The Discovery Pane"). This page contains Google Analytics.
 Because we
 > don't allow add-ons to run on about:* pages, add-ons that would block GA
 don't
 > work here.

 It appears that they are making this DNT based, which is entirely
 inadequate as any form of user tracking should be explicitly opt-in.  My
 plan unless people tell me otherwise is to totally reject requests to
 `discovery.addons.mozilla.org` unless `Modifiable Extensions` is enabled.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22899>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list