Torbutton 1.1.13-alpha released
Mike Perry
mikeperry at fscked.org
Sun Feb 3 21:46:29 UTC 2008
Version 1.1.13 of the development series of the Torbutton Firefox
Extension has been released at https://torbutton.torproject.org/dev/
This release features a couple of important security fixes to work
around two Firefox bugs. Firefox bug 409737 allows pages to still
execute some javascript after Tor has been toggled, and Firefox bug
401296 allows plugins to be loaded via direct links and
meta-refreshes.
Here is the complete changelog:
* bugfix: Implement workarounds to disable Javascript network access
for Firefox Bug 409737
* bugfix: Improved plugin-disabling workarounds for Firefox Bug
401296
* misc: Set network.protocol-handler.warn-external.* to warn on
external app handlers during Tor usage
* misc: Disable browser.safebrowsing.enabled during Tor usage since
it retrieves some information in plaintext.
* misc: Disable browser.send_pings.
* misc: Block Javascript back/forward manipulation if Tor is enabled
* new: Option to clear HTTP auth on Tor toggle
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20080203/67da25f6/attachment.pgp>
More information about the tor-talk
mailing list