[tor-bugs] #22981 [Applications/Tor Browser]: Don't block audio/video on https sites under Medium Security
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Jul 30 06:56:03 UTC 2017
#22981: Don't block audio/video on https sites under Medium Security
-------------------------------------------------+-------------------------
Reporter: arthuredelstein | Owner: tbb-
| team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-usability, tbb-security-slider, | Actual Points:
ux-team |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by arthuredelstein):
One other potentially useful comparison is the threat of exploits via
content JS (non-JITed) vs the threat from video (and audio). Skimming
through [https://www.cvedetails.com/product/3264/Mozilla-
Firefox.html?vendor_id=452 Firefox's list of historical vulnerabilities]
gives me the impression that the threat from scripts is higher than that
from video. (Please correct me if I'm somehow getting the wrong
impression.) A higher risk from scripts also appeals to my intuition,
given that the C++ codebase exercised by Web APIs is pretty huge.
If it's true that scripts pose a greater threat than video, the benefit of
blocking videos while allowing scripts seems not so compelling.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22981#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list