[tor-bugs] #29957 [Applications/Tor Browser]: clicking on "click to play" media leaks URLs via NoScript on-disk preferences
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Jun 1 09:23:16 UTC 2020
#29957: clicking on "click to play" media leaks URLs via NoScript on-disk
preferences
-------------------------------------------------+-------------------------
Reporter: catalyst | Owner: tbb-
| team
Type: defect | Status:
| needs_information
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-disk-leak, tbb-newnym, noscript | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by ma1):
Replying to [comment:5 gk]:
> Okay, thanks for those steps that helped me a lot. Giorgio: given that
this violates assumptions about Private Browsing Mode (PBM) usage (There
should not be leaked any information about web browsing to disk in that
mode let alone possibly problematic URLs) is there a way for NoScript to
actually adhere to the PBM rules the user/Tor Browser has intentionally
enabled? Like saving the exceptions in memory and only there if in PBM? It
seems to me there is no reason to save them to disk in that case.
Yes, it can be done. I'll need to flag all permissions as temporary (maybe
if not explicitly overridden by the user some way, e.g. via an option in
the confirmation dialog) for sessions where the Tor Browser is detected as
the host.
I will put this in 11.0.25.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29957#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list