[tor-bugs] #22067 [Applications/Tor Browser]: NoScript Click-to-Play bypass with embedded videos and audios

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jun 14 20:54:36 UTC 2017


#22067: NoScript Click-to-Play bypass with embedded videos and audios
--------------------------------------+--------------------------
 Reporter:  samantharis               |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  High                      |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Major                     |     Resolution:
 Keywords:  tbb-security, noscript    |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by ma1):

 This does not happen in NoScript's default configuration, only in Tor
 Browser's custom setup.

 Easiest work-around: turn "Forbid other plugins" (noscript.forbidPlugins)
 to true.

 Working on a fix for 5.0.6, hopefully by this week.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22067#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list