[tor-bugs] #22699 [Applications/Tor Browser]: Use browser pref for javascript at High Security Level

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Jun 22 19:02:24 UTC 2017


#22699: Use browser pref for javascript at High Security Level
------------------------------------------+--------------------------
     Reporter:  mikeperry                 |      Owner:  tbb-team
         Type:  enhancement               |     Status:  new
     Priority:  High                      |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Normal                    |   Keywords:  tbb-security
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
------------------------------------------+--------------------------
 It would be wise to set javascript.enabled to false in about:config at the
 high security level, in addition to having NoScript disable scripting for
 us. This should be an easy change, and there is no reason to exclusively
 depend on NoScript. NoScript could miss something, especially if the e10s
 transition caused a lot of upheaval.

 (Similarly, Firefox could miss something, since javascript.enabled is no
 longer a UI-exposed pref, so we should do both, for defense in depth.)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22699>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list