[tor-bugs] #16931 [Applications/Tor Browser]: Sanitize the add-on blocklist update URL
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Sep 21 08:08:15 UTC 2018
#16931: Sanitize the add-on blocklist update URL
--------------------------------------+--------------------------
Reporter: cypherpunks | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by skeletonchimp):
I strongly suggest disabling this feature and hopefully including the fix
in the next version of TBB.
I believe the Severity and Priority of this ticket should be increased to
the highest value!
Meanwhile, is the TBB user to manually blank the Value of
extensions.blocklist.url until this is fixed? Would the user need to
include a modification of extensions.blocklist.enabled to false, or would
this break too much?
A user posted about this here:
https://blog.torproject.org/comment/277375#comment-277375
Oddly enough, I had noticed this issue when I was reviewing
'about:cache?device=memory' in Tor Browser 8.0 and noticed a strange link,
then found the user's post. Thanks, gk, for noticing my post in #3555,
which I found via #6734.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16931#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list