[tor-bugs] #29957 [Applications/Tor Browser]: clicking on "click to play" media leaks URLs via NoScript on-disk preferences

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Jun 9 07:43:34 UTC 2020 

#29957: clicking on "click to play" media leaks URLs via NoScript on-disk
preferences
-------------------------------------------------+-------------------------
 Reporter:  catalyst                             |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:  closed
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:  fixed
 Keywords:  tbb-disk-leak, tbb-newnym,           |  Actual Points:
  noscript, TorBrowserTeam202006                 |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by gk):

 * keywords:  tbb-disk-leak, tbb-newnym, noscript => tbb-disk-leak, tbb-
     newnym, noscript, TorBrowserTeam202006
 * status:  needs_information => closed
 * resolution:   => fixed


Comment:

 Replying to [comment:13 ma1]:
 > After some thinking I've decided that the new Incognito-restricted UI is
 a very good idea for Firefox and Chromium users in PBM. It's neutral for
 vanilla Tor Browser users (who can't see it by default anyway), and it's
 likely annoying for users who took the pain of restoring the NoScript
 button and checking the "''Override Tor Browser's Security Level preset''"
 option for the sole purpose of customizing their permissions and having
 them survive sessions.
 >
 > Therefore https://github.com/hackademix/noscript/releases/tag/11.0.27rc6
 disables non-temporary presets in the popup UI for all PBM users except
 those who choose to "have it their way" (with ''Override Tor Browser
 etc.''), while click to play permissions (the scope of this bug) are
 always made temporary for all PBM and Tor Browser window (but can be
 turned into permanent from the ''Per-site Permissions'' UI).

 Great, thanks. A quick test of the latest NoScript (11.0.30) shows that
 this bug is fixed. Yay!

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29957#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list