[tor-bugs] #29957 [Applications/Tor Browser]: clicking on "click to play" media leaks URLs via NoScript on-disk preferences

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jun 1 19:11:27 UTC 2020


#29957: clicking on "click to play" media leaks URLs via NoScript on-disk
preferences
-------------------------------------------------+-------------------------
 Reporter:  catalyst                             |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:
                                                 |  needs_information
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-disk-leak, tbb-newnym, noscript  |  Actual Points:
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by ma1):

 OK, after some thinking I've decided that the new Incognito-restricted UI
 is a very good idea for Firefox and Chromium users in PBM. It's neutral
 for vanilla Tor Browser users (who can't see it by default anyway), and
 it's likely annoying for users who took the pain of restoring the NoScript
 button and checking the "''Override Tor Browser's Security Level preset''"
 option for the sole purpose of customizing their permissions and having
 them survive sessions.

 Therefore rc6 disables non-temporary presets in the popup UI for all PBM
 users except those who choose to "have it their way" (with ''Override Tor
 Browser etc.''), while click to play permissions (the scope of this bug)
 are always made temporary for all PBM and Tor Browser window (but can be
 turned into permanent from the ''Per-site Permissions'' UI).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29957#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list