[tor-bugs] #5744 [TorBrowserButton]: TBB-Firefox allows style change on mouseover (JS disabled)
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Wed May 9 01:27:42 UTC 2012
#5744: TBB-Firefox allows style change on mouseover (JS disabled)
---------------------------------+------------------------------------------
Reporter: rransom | Owner: mikeperry
Type: defect | Status: closed
Priority: normal | Milestone:
Component: TorBrowserButton | Version:
Resolution: not a bug | Keywords:
Parent: | Points:
Actualpoints: |
---------------------------------+------------------------------------------
Comment(by mikeperry):
Replying to [comment:1 guiseppe]:
> As seen in #5741 disabling JS would prevent or mitigate a lot of privacy
> and security invading issues.
> Why do you accept this ongoing threat caused by these crazy JS codes?
Because normal people can't use the web without JS and won't know why.
Mentats are free to click the "break the web button" if they wish.
> I mean, it is a nice effort to preserve as much as possible user
> experience and normal browsing behavior (according to the TBB design
> document). But this trade-off should not lead repeatedly to such security
> holes we have seen recently.
We're going to adjust our development processes to address this instead.
Specifically, see #3846 and #5790.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5744#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online