[tbb-bugs] #19210 [Applications/Tor Browser]: NoScript places WebM videos too late behind click-to-play in higher security levels
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Nov 23 08:32:00 UTC 2016
#19210: NoScript places WebM videos too late behind click-to-play in higher
security levels
-------------------------------------------------+-------------------------
Reporter: gk | Owner: tbb-
| team
Type: defect | Status:
| needs_information
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Major | Resolution:
Keywords: tbb-regression, tbb-security- | Actual Points:
slider, tbb-6.0-issues, noscript |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by gk):
Replying to [comment:15 ma1]:
> Therefore you may indeed notice a little delay (the default player
appears briefly, immediately replaced by the placeholder), but no
(potentially harmful) stream reaches the (potentially exploitable)
decoder.
Not sure what you mean but I hear the talk and see slides on the video for
a while. So it seems to me there are things that reach the decoder.
> Are you noticing anything different? If so, how I can reproduce and
verify what you're observing?
I am using an alpha Tor Browser (6.5a4) on a Linux machine (Debian
testing) with NoScript 2.9.5.1. I set the security slider to "medium"
(click on the green onion -> Security Settings...) which should make
things click-to-play. Then I am loading the video pointed to in the
description in a new tab. The result is not different from a pre 2.9.5
NoScript being used.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19210#comment:17>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list