[tor-bugs] #20123 [Applications/Tor Browser]: consider blocking remote jar files at Low Security
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Sep 19 18:10:10 UTC 2016
#20123: consider blocking remote jar files at Low Security
-------------------------------------------+--------------------------
Reporter: arthuredelstein | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: ff52-esr, tbb-security-slider | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------+--------------------------
Comment (by bugzilla):
Replying to [ticket:20123 arthuredelstein]:
> Mozilla recently blocked remote jar files by default:
And you should.
> Then they had to re-enable the remote jar files again in the release,
because users of IBM iNotes (some sort of webmail thing) ran into an
incompatibility.
IBM fixed it.
> In any case, Mozilla's intention is to block by default again in the
future. So when that happens, if not sooner, we should ensure that our
security slider is not re-enabling remote jar files at Low Security.
Last time such operation was called "exempt" (#18557).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20123#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list