[tor-bugs] #26540 [Applications/Tor Browser]: Enabling pdfjs disableRange option prevents pdfs from loading

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jul 25 10:21:46 UTC 2018 

#26540: Enabling pdfjs disableRange option prevents pdfs from loading
--------------------------------------------+------------------------------
 Reporter:  pospeselr                       |          Owner:  pospeselr
     Type:  defect                          |         Status:
                                            |  needs_revision
 Priority:  Medium                          |      Milestone:
Component:  Applications/Tor Browser        |        Version:
 Severity:  Normal                          |     Resolution:
 Keywords:  ff60-esr, TorBrowserTeam201807  |  Actual Points:
Parent ID:                                  |         Points:
 Reviewer:                                  |        Sponsor:
--------------------------------------------+------------------------------
Changes (by gk):

 * status:  needs_review => needs_revision
 * keywords:  ff60-esr, TorBrowserTeam201807R => ff60-esr,
     TorBrowserTeam201807


Comment:

 Neat idea! I am fine doing this hack if that helps us. Note, we want to
 have domain isolation working even if the user is not in PBM as PBM is
 only used to take care of disk leaks. The pref governing the domain
 isolation is `privacy.firstparty.isolate`.

 It might be worth as well to open a Mozilla bug, blocking the
 FirstPartyIsolation one
 (https://bugzilla.mozilla.org/show_bug.cgi?id=1299996) and asking Mozilla
 for feedback wrt the final approach you come up with.

 Finally, it seems the patches you currently have do not work for me when
 trying to load https://www.amnestyusa.org/pdfs/sscistudy1.pdf

 STR:

 1) Take a vanilla 8.0a9 bundle on Linux
 2) Override the bundle parts with the patched code
 3) After start-up set `extensions.torbutton.loglevel` to `3` and
 `extensions.torbutton.logmethod` to `0`
 4) Try to load https://www.amnestyusa.org/pdfs/sscistudy1.pdf
 5) During CAPTCHA completion you'll see the isolation to the Amnesty
 domain
 6) Once you CAPTCH got completed and the .pdf is loading this seems to go
 over the catch-all curcuit.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26540#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list