[tor-bugs] #30388 [Applications/Tor Browser]: NoScript and all user-installed add-ons got deactivated! (armagadd-on-2.0)
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon May 6 11:37:31 UTC 2019
#30388: NoScript and all user-installed add-ons got deactivated! (armagadd-on-2.0)
-------------------------------------------------+-------------------------
Reporter: cypherpunks | Owner: tbb-
| team
Type: task | Status:
| needs_review
Priority: Immediate | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Blocker | Resolution:
Keywords: AffectsTails, TorBrowserTeam201905R | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by gk):
Okay, we need a slight change in our plans and need a -build2 which costs
us additional time. :(
We realized that we need make sure the intermediate certificate database
is available when the new cert gets added and therefore set
`security.nocertdb` to `false`, then imported the cert and then set the
`security.nocertdb` back to `false`. Now everything is fine if you leave
your Tor Browser open and don't do a New Identity. However, if you restart
your browser `security.nocertdb` makes sure the saved intermediate
certificates are not loaded. Thus, after some time when the signature is
re-checked the new intermediate certificate is not available and the
extensions get disabled again.
Thus, the deployed fix from Mozilla is essentially not compatible with
`security.nocertdb` being enabled. I've filed
https://bugzilla.mozilla.org/show_bug.cgi?id=1549344 for that.
Meanwhile we do a new build with `security.nocertdb` disabled, stay tuned.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30388#comment:39>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list