[tor-bugs] #20123 [Applications/Tor Browser]: consider blocking remote jar files at Low Security
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Sep 9 18:51:00 UTC 2016
#20123: consider blocking remote jar files at Low Security
------------------------------------------+----------------------
Reporter: arthuredelstein | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------------------+----------------------
Mozilla recently blocked remote jar files by default:
https://bugzilla.mozilla.org/show_bug.cgi?id=1215235
Then they had to re-enable the remote jar files again in the release,
because users of IBM iNotes (some sort of webmail thing) ran into an
incompatibility.
https://bugzilla.mozilla.org/show_bug.cgi?id=1255139
In any case, Mozilla's intention is to block by default again in the
future. So when that happens, if not sooner, we should ensure that our
security slider is not re-enabling remote jar files at Low Security.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20123>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list