Bug #15140
noscript bypass / new identity bug
100%
Description
If you temporarily allow a Website to use JavaScript and use the New Identity button and go back to the exact same website afterwards no script will forget that it granted temporary access to it pre-new identity yet allow scripts to be executed nonetheless
this is only reversed after closing Tor Browser for real and might be used maliciously.
easiest fix: set javascript.enabled to false on high security mode
Files
Subtasks
History
#1 Updated by mercedes508 2018-01-02 18:32:44
- Assignee set to intrigeri
- Priority changed from High to Normal
I’m not sure to understand properly how to reproduce this. And I tried in both Tails and Tor Browser on Debian. So I’m asking for some help if that’s possible on triaging this one.
Thanks in advance.
#2 Updated by Anonymous 2018-01-02 23:44:05
- File example.mp4 added
interesting find could reproduce in 3.2 will try 3.3 and tbb asap
#3 Updated by intrigeri 2018-01-03 08:32:08
- Assignee changed from intrigeri to mercedes508
> I’m not sure to understand properly how to reproduce this.
The video attached since you commented should make it clear how to reproduce. If this can be reproduced in Tor Browser outside of Tails, either the OP or yourself should ensure there’s a ticket about this in the Tor bug tracker.
#4 Updated by mercedes508 2018-01-03 15:01:22
- Type of work changed from Code to Wait
Reproduced on Tor Browser on Debian stable, so I created #24784 on Tor bug tracker (https://trac.torproject.org/projects/tor/ticket/24784).
Waiting for them to fix it then.
#5 Updated by mercedes508 2018-01-03 15:06:38
- Status changed from New to Confirmed
#6 Updated by mercedes508 2018-01-04 16:49:12
In fact it’s #24421 from Tor Bug Tracker. So the bug I opened is a duplicate.
https://trac.torproject.org/projects/tor/ticket/24421
#7 Updated by mercedes508 2018-01-29 11:20:28
- Target version set to Tails_3.6
mercedes508 wrote:
> In fact it’s #24421 from Tor Bug Tracker. So the bug I opened is a duplicate.
> https://trac.torproject.org/projects/tor/ticket/24421
This upstream ticket has been fixed just now, so hopefully fixed in next TBB version that should ship NoScript version 5.1.8.4. So Hopefully in Tails 3.6.
#8 Updated by intrigeri 2018-02-02 05:51:58
- Assignee changed from mercedes508 to bertagaz
- QA Check set to Ready for QA
Cool! bertagaz, please verify this when you’ll import the new Tor Browser.
#9 Updated by bertagaz 2018-03-12 21:41:06
- Status changed from Confirmed to Fix committed
- Assignee deleted (
bertagaz) - % Done changed from 0 to 100
- QA Check changed from Ready for QA to Pass
intrigeri wrote:
> Cool! bertagaz, please verify this when you’ll import the new Tor Browser.
Seems it was indeed fixed, I can not reproduce this bug with Tor Browser 7.5.1.
#10 Updated by bertagaz 2018-03-14 11:08:55
- Status changed from Fix committed to Resolved