[tbb-bugs] #26520 [Applications/Tor Browser]: NoScript is broken with TOR_SKIP_LAUNCH=1 in ESR 60-based Tor Browser

Mon Aug 27 17:29:17 UTC 2018

#26520: NoScript is broken with TOR_SKIP_LAUNCH=1 in ESR 60-based Tor Browser
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:
                                                 |  pospeselr
     Type:  defect                               |         Status:
                                                 |  needs_information
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  ff60-esr, TorBrowserTeam201808,      |  Actual Points:
  noscript                                       |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by intrigeri):

 Replying to [comment:24 intrigeri]:
 > Replying to [comment:23 rustybird]:
 > Thanks for testing & reporting! I'll reproduce this and will assess how
 problematic this is for Tails (hopefully today or tomorrow).

 Here are my test results on current Tails testing branch. Thanks to gk for
 the guidance!

 * no change: cannot reproduce
 * upgrade Torbutton to a XPI built from commit
 c93f06417e0bdbd6d709ec5109938347d1d38123 with `./makexpi.sh`: reproduced
 the bug; all pages are affected, not only the 1st loaded one
 * upgrade Torbutton to a XPI built from commit
 c93f06417e0bdbd6d709ec5109938347d1d38123 with `./makexpi.sh`, upgrade
 NoScript to
 https://secure.informaction.com/download/releases/noscript-10.1.8.23.xpi:
 reproduced the bug; all pages are affected (not only the 1st loaded one)
 until I do the trick gk suggested i.e. set the security slider to safer,
 apply, set the security slider back to standard, apply.

 Anyone who wants to reproduce this or try to fix it in the context of
 Tails:

 * grab an ISO from
 https://nightly.tails.boum.org/build_Tails_ISO_testing/lastSuccessful/archive
 /build-artifacts/
 * boot that ISO in a x86-64 VM with at least 2GB of RAM
 * in the Tails Greeter ("Welcome to Tails"), set an administration
 password so you can use `sudo` in the next step: click the "+" button,
 click "Administration Password", etc.
 * replace whatever XPI you want: they live in `/usr/local/share/tor-
 browser-extensions`
 * start `tor-browser` from a terminal to see its stdout (otherwise it's
 sent to the systemd Journal that you can query with `sudo journalctl`).

 I'm happy to provide more guidance or to test stuff myself in the context
 of Tails :)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26520#comment:25>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online