Opened 5 years ago

Closed 2 years ago

Last modified 21 months ago

#13612 closed defect (fixed)

social.remote-install.enabled option in Tor Browser

Reported by: cypherpunks Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: ff52-esr, tbb-7.0-must, TorBrowserTeam201705R
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor: Sponsor4


Can you please look into the firefox config option social.remote-install.enabled and see if it should be disabled by default in the Tor Browser?

Currently it is set to true.

Child Tickets

Change History (8)

comment:1 Changed 5 years ago by cypherpunks

Type: enhancementdefect

comment:2 Changed 3 years ago by mcs

Keywords: ff52-esr added
Severity: Normal
Sponsor: Sponsor4

Putting on our radar for the upcoming ESR52-based Tor Browser.

comment:3 Changed 3 years ago by cypherpunks

Summary: social.remote-install.enabled option in Tor Browser 4.0social.remote-install.enabled option in Tor Browser
// remote-install allows any website to activate a provider, with extended UI
// notifying user of installation. we can later pref off remote install if
// necessary. This does not affect whitelisted and directory installs.


// Bug 898706 we do not enable social in private sessions since frameworker
// would be shared between private and non-private windows

until it has been redesigned after esr45

When I removed the frameWorker a while back, I removed all code preventing social running in a private window, but aparently missed this one. FrameWorker was the sole reason for avoiding private windows since it could cross between the two. So basically, you could use social (share) in private windows, but you couldn't add a social provider. There's no reason for that limitation.

comment:4 Changed 2 years ago by gk

Keywords: tbb-7.0-must added

comment:5 Changed 2 years ago by arthuredelstein

Keywords: TorBrowserTeam201705R added
Status: newneeds_review

Have looked at the social.* prefs and the associated code, I think it makes sense to disable these. Here's a patch to do that:

comment:6 Changed 2 years ago by gk

Resolution: fixed
Status: needs_reviewclosed

Looks good to me. Applied to tor-browser-52.1.0esr-7.0-2 as commit bd30c7b878b8c4a3a033db65f1f6dbfa46f543d4.

comment:7 Changed 21 months ago by arthuredelstein

Keywords: tbb-no-uplift added

comment:8 Changed 21 months ago by arthuredelstein

Keywords: tbb-no-uplift removed
Note: See TracTickets for help on using tickets.