[tbb-bugs] #30730 [Applications/Tor Browser]: Can't access right click menu for noscript w/o readding icon

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jun 3 09:19:44 UTC 2019


#30730: Can't access right click menu for noscript w/o readding icon
--------------------------------------+--------------------------
 Reporter:  cypherpunks               |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  High                      |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Major                     |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------
Changes (by gk):

 * owner:  (none) => tbb-team
 * component:  - Select a component => Applications/Tor Browser


Comment:

 Yes, the NoScript icon in the context menu is a bug which we did not get
 fixed for 8.5. Removing it is tracked in #30730.

 Regarding your anonymity concerns: well, as far as we know there is no way
 to detect the NoScript icon presence on the toolbar from websites.
 Remember as well that we still have a lot of users that have the search
 bar visible on their toolbar and probably a lot of other old things due to
 updating from older Tor Browser versions (even before esr52-based ones).
 Thus, the length of the urlbar is not helping here.

 Yes, if you take screenshots you have to be careful and that's not in
 particular related to toolbar layout. It's OS details that leak e.g. or
 potentially a different theme or your toolbar layout or...
 Dealing with NoScript settings is dangerous for a number of reasons (see:
 e.g. #26517) and not recommended unless you know what you are doing. This
 holds as well for making exceptions to the default security settings
 because that comes with a risk for fingerprinting users might
 underestimate (due to the pattern of whitelisted sites that are
 whitelisted for the whole browser session). I think if you are confident
 handling that risk dealing with re-adding the NoScript button to the
 toolbar (and potentially removing it if you really need to post a
 screenshot with your toolbar that already leaks details because it's a
 toolbar on a particular OS etc.) is in scope as well.

 Thus, I am not convinced doing the right-click workaround you suggested.
 We should rather fix #30730 and work on #30570.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30730#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list