[tbb-bugs] #10394 [Applications/Tor Browser]: Torbrowser's updater updates HTTPS-everywhere
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Jun 6 23:08:43 UTC 2020
#10394: Torbrowser's updater updates HTTPS-everywhere
-------------------------------------------------+-------------------------
Reporter: StrangeCharm | Owner: tbb-
| team
Type: task | Status:
| needs_information
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-security, https-everywhere, | Actual Points:
TorBrowserTeam202006R |
Parent ID: | Points:
Reviewer: gk | Sponsor:
-------------------------------------------------+-------------------------
Comment (by rustybird):
Replying to [comment:44 gk]:
> Maybe we could include this patch as part of our "don't block our
unsigned extensions" patch where HTTPS-Everywhere is the only extension
left anyway. Would be easy to make this to an "treat https-e special"
patch.
If the [https://lists.torproject.org/pipermail/tbb-
dev/2017-April/000530.html plan] still is to eventually disable NoScript
updates too, then it might be simpler to keep the patch separate and later
add a fixup checking for the NoScript ID as well. Just a thought.
> rustybird: have you checked whether the ruleset updates are unaffected
by your patch
Yes, they still work: There are connections to `www.https-
rulesets.org:443` and `securedrop.org:443`. And when I start with an old
HTTPS Everywhere version that includes an outdated ruleset, the `rulesets-
timestamp` fields in `browser-extension-data/https-everywhere-
eff at eff.org/storage.js` show that those updates are applied.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10394#comment:45>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list