[tor-bugs] #33613 [Applications/Tor Browser]: Javascript Execution with NoScript Bypass (was: 811786)
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Apr 13 17:16:28 UTC 2020
#33613: Javascript Execution with NoScript Bypass
--------------------------------------+-----------------------------------
Reporter: sysrqb | Owner: tbb-team
Type: defect | Status: needs_information
Priority: Very High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: TorBrowserTeam202004 | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+-----------------------------------
Old description:
> Placeholder.
New description:
The bug is upstream in Firefox 68esr. It is tracked by
[https://bugzilla.mozilla.org/1621996 Bug 1621996].
--
Comment (by sysrqb):
The patches above disabled javascript execution, as a safe guard. The
original NoScript migration for this Firefox bug was incomplete. We
believe the current mitigation in NoScript successfully avoids the bug,
but I want to give enough time for more people to poke at it before
thinking about relying on NoScript completely for blocking javascript
execution on the Safest security level.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33613#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list