[tor-bugs] #33613 [Applications/Tor Browser]: Javascript Execution with NoScript Bypass (was: 811786)

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Apr 13 17:16:28 UTC 2020


#33613: Javascript Execution with NoScript Bypass
--------------------------------------+-----------------------------------
 Reporter:  sysrqb                    |          Owner:  tbb-team
     Type:  defect                    |         Status:  needs_information
 Priority:  Very High                 |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  TorBrowserTeam202004      |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+-----------------------------------

Old description:

> Placeholder.

New description:

 The bug is upstream in Firefox 68esr. It is tracked by
 [https://bugzilla.mozilla.org/1621996 Bug 1621996].

--

Comment (by sysrqb):

 The patches above disabled javascript execution, as a safe guard. The
 original NoScript migration for this Firefox bug was incomplete. We
 believe the current mitigation in NoScript successfully avoids the bug,
 but I want to give enough time for more people to poke at it before
 thinking about relying on NoScript completely for blocking javascript
 execution on the Safest security level.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33613#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list