[tbb-bugs] #18782 [Tor Browser]: media tab in Page Info can bypass NoScript on Linux if gstreamer is used
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Apr 15 10:00:59 UTC 2016
#18782: media tab in Page Info can bypass NoScript on Linux if gstreamer is used
-------------------------+--------------------------
Reporter: cypherpunks | Owner: tbb-team
Type: defect | Status: assigned
Priority: Very High | Milestone:
Component: Tor Browser | Version:
Severity: Critical | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------+--------------------------
Comment (by cypherpunks):
I did see #13020, and thank you for addressing.
However, ESR45 won't change the fact that Page Info/Media Preview allows
things that seemingly should be disabled via internal settings; that part
of Firefox may not be affected by the same controls as other parts of the
browser.
As for chrome vs. content and NoScript's focus, ok. But did you miss the
part about Media Preview running a music player even though javascript was
turned off completely in about:config? I'm pretty sure the content wasn't
php.
Anyway, new bug filed at #18829.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18782#comment:20>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list