[tor-bugs] #21684 [Applications/Tor Browser]: AMO has access to installed extensions with window.navigator.AddonManager in ESR 52
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri May 26 19:31:38 UTC 2017
#21684: AMO has access to installed extensions with window.navigator.AddonManager
in ESR 52
-------------------------------------------------+-------------------------
Reporter: gk | Owner: gk
Type: defect | Status:
| needs_review
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: ff52-esr, tbb-7.0-must, | Actual Points:
TorBrowserTeam201705R, GeorgKoppen201705 |
Parent ID: | Points:
Reviewer: | Sponsor:
| Sponsor4
-------------------------------------------------+-------------------------
Changes (by gk):
* status: assigned => needs_review
* keywords: ff52-esr, tbb-7.0-must, TorBrowserTeam201705,
GeorgKoppen201705 => ff52-esr, tbb-7.0-must, TorBrowserTeam201705R,
GeorgKoppen201705
Comment:
`bug_21684` (https://gitweb.torproject.org/user/gk/tor-
browser.git/commit/?h=bug_21684&id=b2f8585b66dc2856463950c7239015585a8481e3)
has a patch for review.
FWIW: I pondered quite a while whether we should disable this API for both
chrome and content but finally opted for doing so just for the latter.
There might be breakage involved (especially in the longer run) by not
allowing Firefox internals to use it. However, I am not sold to this.
Thus, if there are good arguments for kicking
`window.navigator.AddonManager` fully out let me know and we can
reconsider it.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21684#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list