Opened 4 years ago

Last modified 10 months ago

#10941 new task

Secure messaging window

Reported by: sukhbir Owned by:
Priority: Medium Milestone:
Component: Applications/Tor Messenger Version:
Severity: Normal Keywords:
Cc: gk, mikeperry Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Investigate Instantbird's whitelisting of HTML content and the related security issues that may arise out of this.

Child Tickets

Change History (13)

comment:1 Changed 4 years ago by gk

Cc: gk added

comment:2 Changed 3 years ago by sukhbir

Keywords: TorMessengerPublic added
Parent ID: #14161

comment:3 Changed 3 years ago by sukhbir

Owner: set to sukhbir
Status: new → assigned

comment:4 Changed 3 years ago by arlolra

Messaging window is jailed to type=content and is additionally XSS filtered immediately prior to display.

We've further removed anchor tags from strict mode to resolve the ambiguity in #13618.

comment:5 Changed 2 years ago by arlolra

From gk's audit,

I looked at imContentSink.jsm/convbrowser.xml and studied the Instantbird audit done by Mozilla. Almost all issues mentioned in the audit got fixed; one is left which does not seem to bring a high risk with it, especially as Tor Messenger is configured to use the least permissive rendering mode (which is further hardened).

ToDo:

comment:6 Changed 2 years ago by sukhbir

Parent ID: #14161

comment:7 Changed 23 months ago by arlolra

Keywords: SponsorO removed

comment:8 Changed 23 months ago by arlolra

Keywords: TorMessengerPublic removed

comment:9 Changed 21 months ago by arlolra

Cc: mikeperry added
Severity: Normal

Mike seems to be saying some things here,
https://www.youtube.com/watch?v=DqBFez4v_2I&t=2114

comment:10 Changed 20 months ago by mikeperry

Oh, my comments there simply were that it would be strictly better if we knew the message content window had scripts disabled fully, rather than (or actually, in addition to) being XSS filtered.

I know there was some contention with the instantbird team over this, as they felt this would negatively impact UI, so my thought was that we could have a security slider here, too. So for example, look at all of the stuff that Coy.im disables: https://coy.im/about/. Rather than killing all of that up-front (which will negatively impact UX), it could be progressively disabled as security level is increased.

comment:11 Changed 20 months ago by arlolra

Thanks for clarifying (actually, I think you were being pretty clear to begin with, I'm just of the confused type).

A security slider seems apt. In #17480, Tails is asking for a less restrictive (linkified) content window. (Though maybe Tails, and the rest of the security conscious folks, have moved on to CoyIM as it is ...)

comment:12 Changed 10 months ago by arlolra

Owner: sukhbir deleted

comment:13 Changed 10 months ago by arlolra

Status: assigned → new