[tbb-bugs] #27427 [Applications/Tor Browser]: [PATCH] Fix NoScript IPC for about:blank by whitelisting messages
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Sep 14 02:38:48 UTC 2018
#27427: [PATCH] Fix NoScript IPC for about:blank by whitelisting messages
-------------------------------------------------+-------------------------
Reporter: rustybird | Owner:
| arthuredelstein
Type: defect | Status:
| needs_review
Priority: Very High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: TorBrowserTeam201809R, | Actual Points:
tbb-8.0.1-can |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by cypherpunks3):
Replying to [comment:8 rustybird]:
> the race much less likely to be "won" by the bug, but not impossible.
Which could mean that it occasionally affects real websites as well.
Hopefully, the patch fixes all of those cases.
Ok. And your fix is to ignore the message? Isn't it evident that there's a
concurrency bug in NoScript that should be fixed? Just quickly skimming
over the code I can see that handling a `fetchChildPolicy` message
involves objects that are mutated (I suppose initialised) in `init`, the
function that sends `started` when completes. Do you see?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27427#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list