[tor-bugs] #22809 [Applications/Tor Browser]: Tor Browser does not provide red security warning for downloading executable in HTTP
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Jul 5 10:46:00 UTC 2017
#22809: Tor Browser does not provide red security warning for downloading
executable in HTTP
--------------------------------------+--------------------------
Reporter: naif | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: ux-team | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by naif):
Afaik I've been told that Firefox UX team is very busy with the new major
releases, so they will not be going to work on it soon.
A good patch on Firefox from Tor Project would probably be the fastest
solution, that could in turn go back to Firefox as "ready made" .
As per definitions of exe or rpm or tarballs, we could probably define
"any installer file that can be executed on the target machine" and that
could be a list of content-type and extensions.
That's something I'm going to bid and look forward to support financially
and functionally for the implementation as I'm finding out that there are
too many software being delivered over HTTP, target of malware infection
appliance, and the only way to work around it is to have browser to warn
or block that downloads (probably doing a sort of "securethe.news" but for
software distribution security).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22809#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list