[tbb-bugs] #12430 [Tor Browser]: Disable the jar: protocol for external resources via preference
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Jan 30 15:46:14 UTC 2015
#12430: Disable the jar: protocol for external resources via preference
-------------------------+-------------------------------------------------
Reporter: gk | Owner: tbb-team
Type: | Status: needs_review
enhancement | Milestone:
Priority: normal | Version:
Component: Tor | Keywords: tbb-security, tbb-firefox-patch,
Browser | tbb-isec-report, TorBrowserTeam201501R
Resolution: | Parent ID: #9387
Actual Points: |
Points: |
-------------------------+-------------------------------------------------
Comment (by gk):
Replying to [comment:6 mikeperry]:
> Their patch is here:
https://github.com/iSECPartners/publications/blob/master/reports/Tor%20Browser%20Bundle/artifacts/network.jar
.block-remote-files.patch
Looks good to me. bug_12430 has it applied in a Tor Browser context.
> They recommended we set this at "Low" (ie by default) in the slider. I
would be more comfortable setting it at one of the Medium settings, I
think.
I agree. bug_9387_12430 in my Torbutton repo binds the pref to the medium-
low setting.
There is bug_12430 in my tor-browser-bundle-testsuite repo for a test
patch, too.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12430#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list