[tor-bugs] #5912 [EFF-HTTPS Everywhere]: MyWOT extension breakage
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Thu May 17 17:29:03 UTC 2012
#5912: MyWOT extension breakage
----------------------------------+-----------------------------------------
Reporter: pde | Owner: pde
Type: defect | Status: new
Priority: normal | Milestone:
Component: EFF-HTTPS Everywhere | Version:
Keywords: | Parent: #3190
Points: | Actualpoints:
----------------------------------+-----------------------------------------
Recent changes to the MyWOT ruleset, released in 3.0development.3, are
reportedly causing breakage in the MyWOT Firefox extension. This is an
instance of bug #3190.
The available courses of action are:
1. Wind back the [https://gitweb.torproject.org/https-
everywhere.git/history/HEAD:/src/chrome/content/rules/MyWOT.xml recent
changes to the ruleset], although that will presumably leave mywot.com
vulnerable to lots of attacks such as Firesheep-style cookie hijacking
that those changes were trying to protect against.
2. Have the MyWOT extension make all of these requests over HTTPS, in
which case it will no longer trip over the HTTPS Everywhere redirects.
3. Have the MyWOT extension listen for the "https-everywhere-uri-rewrite"
event [https://gitweb.torproject.org/https-
everywhere.git/blob/HEAD:/src/components/https-everywhere.js#l607 that we
send]when we rewrite things, and re-start those requests over HTTPS
4. Disable the MyWOT ruleset altogether.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5912>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list