[tor-bugs] #22899 [Applications/Tor Browser Sandbox]: `about:addons`'s "Get Addons" pane is unsafe and should be treated as such.
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Jul 12 19:17:05 UTC 2017
#22899: `about:addons`'s "Get Addons" pane is unsafe and should be treated as such.
--------------------------------------------------+---------------------
Reporter: yawning | Owner: yawning
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser Sandbox | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
--------------------------------------------------+---------------------
https://github.com/mozilla/addons-frontend/issues/2785
> Right now the about:addons page loads an iFrame with content hosted on a
Mozilla
> website ("The Discovery Pane"). This page contains Google Analytics.
Because we
> don't allow add-ons to run on about:* pages, add-ons that would block GA
don't
> work here.
It appears that they are making this DNT based, which is entirely
inadequate as any form of user tracking should be explicitly opt-in. My
plan unless people tell me otherwise is to totally reject requests to
`discovery.addons.mozilla.org` unless `Modifiable Extensions` is enabled.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22899>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list