[tor-bugs] #29957 [Applications/Tor Browser]: clicking on "click to play" media leaks URLs via NoScript on-disk preferences
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Jun 1 19:11:27 UTC 2020
#29957: clicking on "click to play" media leaks URLs via NoScript on-disk
preferences
-------------------------------------------------+-------------------------
Reporter: catalyst | Owner: tbb-
| team
Type: defect | Status:
| needs_information
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-disk-leak, tbb-newnym, noscript | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by ma1):
OK, after some thinking I've decided that the new Incognito-restricted UI
is a very good idea for Firefox and Chromium users in PBM. It's neutral
for vanilla Tor Browser users (who can't see it by default anyway), and
it's likely annoying for users who took the pain of restoring the NoScript
button and checking the "''Override Tor Browser's Security Level preset''"
option for the sole purpose of customizing their permissions and having
them survive sessions.
Therefore rc6 disables non-temporary presets in the popup UI for all PBM
users except those who choose to "have it their way" (with ''Override Tor
Browser etc.''), while click to play permissions (the scope of this bug)
are always made temporary for all PBM and Tor Browser window (but can be
turned into permanent from the ''Per-site Permissions'' UI).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29957#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list