[tor-bugs] #27307 [Applications/Tor Browser]: NoScript marks HTTP Onion as insecure

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Oct 29 14:28:19 UTC 2019 

#27307: NoScript marks HTTP Onion as insecure
--------------------------------------------+------------------------------
 Reporter:  cypherpunks3                    |          Owner:  tbb-team
     Type:  defect                          |         Status:
                                            |  needs_information
 Priority:  Low                             |      Milestone:
Component:  Applications/Tor Browser        |        Version:
 Severity:  Minor                           |     Resolution:
 Keywords:  noscript, TorBrowserTeam201910  |  Actual Points:
Parent ID:  #21728                          |         Points:
 Reviewer:                                  |        Sponsor:
--------------------------------------------+------------------------------
Changes (by gk):

 * keywords:  noscript, TorBrowserTeam201910R => noscript,
     TorBrowserTeam201910
 * status:  reopened => needs_information


Comment:

 Okay, I managed to reproduce my other issue as well: the start-up of rc15
 is extremely slow on higher security levels. E.g. on my machine there is a
 gap of almost 10 seconds between the first two messages:
 {{{
 [10-29 14:15:22] Torbutton INFO: Message received from NoScript:
 [{"__meta":{"name":"collect","recipientInfo":{"tabId":1,"frameId":0}},"_messageName":"collect"},{"id":"{73a6fe31
 -595d-460b-a920-fcc0f8843232}","url":"moz-
 extension://07d31867-b62c-4014-aa90-56981c414124/_generated_background_page.html","envType":"addon_child","extensionId":"{73a6fe31
 -595d-460b-a920-fcc0f8843232}","contextId":274877906946},null]
 }}}
 and
 {{{
 [10-29 14:15:31] Torbutton INFO: Message received from NoScript:
 [{"__meta":{"name":"started","recipientInfo":null},"_messageName":"started"},{"id":"{73a6fe31
 -595d-460b-a920-fcc0f8843232}","url":"moz-
 extension://07d31867-b62c-4014-aa90-56981c414124/_generated_background_page.html","envType":"addon_child","extensionId":"{73a6fe31
 -595d-460b-a920-fcc0f8843232}","contextId":274877906946},null]
 }}}
 which makes me a bit nervous given that the user can meanwhile surf the
 web but the security settings are set only after the `started` or
 pageshow` one.

 I suspect that's because of #23719, actually. I wonder whether stable
 users would be hitting the bug on the standard mode, too, given that WASM
 is disabled there as well. ma1: What kind of JIT/WASM parts are you using
 for the initial loading of NoScript's state that could cause this?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27307#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list