[tor-talk] Tor browser 9.0.7 is broken
Nicolas Vigier
boklm at mars-attacks.org
Tue Mar 24 13:03:04 UTC 2020
On Tue, 24 Mar 2020, Robin Lee wrote:
> Hi
>
> I just updated to Tor browser 9.0.7 and now any site that I've given
> javascript permission to no longer works! For example I go to
> https://protonirockerxow.onion and the website says I should enable
> javascript, but I already added this site to the ones that can send
> javascript and Tor browser tells me that it has blocked 0 items.
Tor Browser 9.0.7 is now disabling javascript completely when selecting
the Safest security level, which also prevents using noscript to allow
some javascript to run:
https://blog.torproject.org/new-release-tor-browser-907
The reason we did this change is that a bug in Firefox ESR might allow
bypassing Noscript. Although Noscript now includes some workarounds to
prevent that from happenning, but we don't know if that is enough.
If you want to allow javascript on a specific website, I think there
are two main options:
- set javascript.enabled and use noscript configuration to allow
javascript on some specific website, and accept the risk that some
other website might be able to bypass noscript.
- change the security level before visiting the website where you want
javascript. But also remember that the security level applies to all
open tabs, so you should not forget to change it back to Safest
before visiting other websites.
More information about the tor-talk
mailing list