Bug #16706: NoScript gets disabled after a while

Bug #16706

NoScript gets disabled after a while

Added by anonym 2019-05-06 09:55:15 . Updated 2019-05-23 21:20:19 .

Status:

Resolved

Priority:

Normal

Assignee:

Category:

Target version:

Tails_3.14

Start date:

Due date:

% Done:

Feature Branch:

Type of work:

Test

Blueprint:

Starter:

Affected tool:

Browser

Deliverable for:

Description

It was discovered that the Tor Browser fix for ~~Bug #16694~~ (armagadd-on-2.0) isn’t complete. All is fine the first run, but if you restart Tor Browser it will eventually recheck NoScript’s validity and fail. There will be a Tor Browser 8.0.9-build2 because of this. The situation is better for Tails thanks to our amnesic filesystem: each time you boot Tails you get a “first” start, unlike outside of Tails. So we can keep -build1 in Tails 3.13.2 and instruct users to not restart Tor Browser (restart Tails instead).

This should be fixed once we import Tor Browser in the next release.

Tor Browser bug: https://trac.torproject.org/projects/tor/ticket/30388
Mozilla bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1549344

Subtasks

Related issues

Related to Tails - ~~Bug #16694~~: NoScript is disabled thanks to armagadd-on-2.0	Resolved
Related to Tails - ~~Bug #16690~~: Upgrade to Tor Browser based on Firefox 60.7	Duplicate
Related to Tails - ~~Feature #16337~~: Upgrade to Tor Browser 8.5	Resolved	2019-03-15
Blocks Tails - Feature #16209: Core work: Foundations Team	Confirmed

History

#1 Updated by anonym 2019-05-06 09:55:33

blocks Feature #16209: Core work: Foundations Team added

#2 Updated by intrigeri 2019-05-06 10:27:31

Priority changed from Normal to High

#3 Updated by anonym 2019-05-06 10:44:49

This can be used to trigger the validity check immediately (paste into javascript console via ctrl+shift+j):

ChromeUtils.defineModuleGetter(this, "XPIProvider", "resource://gre/modules/addons/XPIProvider.jsm");
XPIProvider.verifySignatures();

When I run this during the first start, everything is good, but after restarting it immediately triggers the bug. This verifies that the first start is not affected, so shipping -build1 should be fine.

#4 Updated by anonym 2019-05-06 11:30:11

Priority changed from High to Normal

Downgrading severity now that we know -build1 is ok as long as users don’t restart Tor Browser.

#5 Updated by intrigeri 2019-05-06 12:48:18

> Downgrading severity now that we know -build1 is ok as long as users don’t restart Tor Browser.

FTR I had upgraded priority for 3.14 (I thought this ticket was about 3.14), not for 3.13.2. Looks like we will have the fix in 3.14 anyway.

#6 Updated by intrigeri 2019-05-06 13:58:43

related to ~~Bug #16694~~: NoScript is disabled thanks to armagadd-on-2.0 added

#7 Updated by intrigeri 2019-05-06 14:13:14

Assignee set to segfault

segfault will check that this is fixed when he imports 8.5a12.

#8 Updated by intrigeri 2019-05-06 14:41:44

Description updated

#9 Updated by intrigeri 2019-05-06 18:11:12

Assignee changed from segfault to CyrilBrulebois

intrigeri wrote:
> segfault will check that this is fixed when he imports 8.5a12.

Except that’s now irrelevant since TB 8.5 will be released after next week’s release ⇒ this needs to be done by whoever does ~~Bug #16690~~ (likely @CyrilBrulebois).

#10 Updated by intrigeri 2019-05-06 18:11:19

related to ~~Bug #16690~~: Upgrade to Tor Browser based on Firefox 60.7 added

#11 Updated by anonym 2019-05-06 19:44:59

Assignee deleted (~~CyrilBrulebois~~)

So I just read that “… everything is fine if you leave your Tor Browser open and don’t do a New Identity” (source which indicates that the New Identity feature could make NoScript disappear again, which sounds pretty bad for our users. That is contrary to what he said when I asked him before he posted that, because I actually had thought about this angle before deciding to go with -build1.

Any way, I have tried the reproduced after triggering a New Identity in Tails 3.13.2, and the bug does not occur, i.e. NoScript remains! Yay! So everything is good, and this is just a big nothing, but I thought it useful to document it somewhere.

#12 Updated by intrigeri 2019-05-07 06:43:06

Assignee set to CyrilBrulebois

(Reverting change that was presumably unintentional.)

#13 Updated by intrigeri 2019-05-17 14:45:37

related to ~~Feature #16337~~: Upgrade to Tor Browser 8.5 added

#14 Updated by segfault 2019-05-17 15:40:45

> Any way, I have tried the reproduced after triggering a New Identity in Tails 3.13.2, and the bug does not occur, i.e. NoScript remains! Yay! So everything is good, and this is just a big nothing, but I thought it useful to document it somewhere.

Same for 8.5-build2. Triggered new Identity and started the browser a second time and NoScript remains.

#15 Updated by intrigeri 2019-05-17 16:01:19

> Same for 8.5-build2. Triggered new Identity and started the browser a second time and NoScript remains.

Next step: try ~~Bug #16706#note-3~~ after a restart.

#16 Updated by intrigeri 2019-05-18 07:32:22

Assignee changed from CyrilBrulebois to anonym
QA Check set to Info Needed

@anonym, could you please explain how to “paste into javascript console via ctrl+shift+j”? Neither segfault nor myself managed to follow these instructions.

#17 Updated by intrigeri 2019-05-18 07:39:24

Assignee deleted (~~anonym~~)
Target version changed from Tails_3.14 to Tails_3.15
QA Check deleted (~~Info Needed~~)

Actually, I can’t see the prompt line (at the bottom of the “Browser Console” window) in an ISO built from ~~Feature #16337~~, while I can see it both in Tor Browser 8.0.9 running outside of Tails, and in Tails 3.13.2 (8.0.9 as well). So of course we can’t paste JS code in a non-visible prompt :/ Same problem in 8.5-build2 started outside of Tails (no AppArmor confinement). This seems to be a 8.5 regression, I’ll ensure it’s known upstream (@segfault). Let’s not block on this for 3.14 given this ticket is really about triple-checking something.

#18 Updated by intrigeri 2019-05-18 07:43:41

> This seems to be a 8.5 regression, I’ll ensure it’s known upstream.

https://trac.torproject.org/projects/tor/ticket/30530

#19 Updated by intrigeri 2019-05-18 11:54:33

Assignee set to intrigeri
Target version changed from Tails_3.15 to Tails_3.14
Type of work changed from Wait to Test

On 8.5, we won’t be able to use the tweak anonym documented. So the only way to triple-check this is to start Tails with Tor Browser 8.5, start Tor Browser, restart it just to be sure, and then leave it running and online for more than 24h. I’ll try to do that before 3.14 but if I don’t manage to, let’s give up, rely on anonym’s testing and Mozilla + Tor Browser folks, and close this as resolved.

#20 Updated by intrigeri 2019-05-18 12:17:43

intrigeri wrote:
> On 8.5, we won’t be able to use the tweak anonym documented. So the only way to triple-check this is to start Tails with Tor Browser 8.5, start Tor Browser, restart it just to be sure, and then leave it running and online for more than 24h. I’ll try to do that before 3.14

Timestamp: Tor Browser started.

#21 Updated by intrigeri 2019-05-18 12:18:25

Status changed from Confirmed to In Progress

#22 Updated by intrigeri 2019-05-18 14:36:30

Status changed from In Progress to Fix committed
Assignee deleted (~~intrigeri~~)

OK, thanks to GeKo I learnt that one can enable the Browser Console with the devtools.chrome.enabled pref. Then I’ve run the 2 lines of code that anonym provided above, got a pending promise back, so I saved it to a variable p = XPIProvider.verifySignatures();, and then typed p to evaluate it again and again until its state became “fulfilled”. Then I checked about:addons and NoScript is still enabled. So calling this fixed.

#23 Updated by CyrilBrulebois 2019-05-23 21:20:19

Status changed from Fix committed to Resolved