[tor-bugs] #10280 [Applications/Tor Browser]: Torbrowser shouldn't load flash into the process space by default
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Jun 26 01:21:14 UTC 2016
#10280: Torbrowser shouldn't load flash into the process space by default
-------------------------------------------------+-------------------------
Reporter: mikeperry | Owner:
Type: enhancement | Status: reopened
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-testcase, TorBrowserTeam201503R, tbb-firefox-patch, tbb-4.5-alpha, MikePerry201503R | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Changes (by arthuredelstein):
* cc: arthuredelstein (added)
* status: closed => reopened
* resolution: fixed =>
* severity: => Normal
Comment:
I was examining this patch to see if we need to upstream any of it. But
now I wonder if this patch is no longer needed in Tor Browser.

Flash and all other plugins (with a couple of exceptions) appear (in my
manual experiments) to be correctly excluded from Firefox if the pref
"plugin.disable" is true. (I admit the code in `dom/plugins/base/*` is
complex enough that it is hard to be absolutely sure there is no path
where a plugin might be loaded.) The plugins are not listed in the Plugins
section of about:addons and are not loaded. The only exceptions I see
seem to be "built-in" add-ons such as "OpenH264 Video Codec provided by
Cisco Systems, Inc." and "Widevine Content Decryption Module provided by
Google Inc." These plugins are excluded from Tor Browser by disabling GMP
and EME respectively.

I might be missing something here -- but is there any advantage in
including this patch any more? Perhaps the safest thing would be simply to
hide the "Plugins" section in about:addons altogether, rather than giving
users the option to "Enable" them.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10280#comment:49>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online