Opened 4 years ago

Closed 14 months ago

Last modified 5 months ago

#13612 closed defect (fixed)

social.remote-install.enabled option in Tor Browser

Reported by: cypherpunks Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: ff52-esr, tbb-7.0-must, TorBrowserTeam201705R
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor: Sponsor4

Description

Can you please look into the firefox config option social.remote-install.enabled and see if it should be disabled by default in the Tor Browser?

Currently it is set to true.

Child Tickets

Change History (8)

comment:1 Changed 3 years ago by cypherpunks

Type: enhancementdefect

comment:2 Changed 16 months ago by mcs

Keywords: ff52-esr added
Severity: Normal
Sponsor: Sponsor4

Putting on our radar for the upcoming ESR52-based Tor Browser.

comment:3 Changed 16 months ago by cypherpunks

Summary: social.remote-install.enabled option in Tor Browser 4.0social.remote-install.enabled option in Tor Browser
// remote-install allows any website to activate a provider, with extended UI
// notifying user of installation. we can later pref off remote install if
// necessary. This does not affect whitelisted and directory installs.

but

// Bug 898706 we do not enable social in private sessions since frameworker
// would be shared between private and non-private windows

until it has been redesigned after esr45

When I removed the frameWorker a while back, I removed all code preventing social running in a private window, but aparently missed this one. FrameWorker was the sole reason for avoiding private windows since it could cross between the two. So basically, you could use social (share) in private windows, but you couldn't add a social provider. There's no reason for that limitation.

comment:4 Changed 14 months ago by gk

Keywords: tbb-7.0-must added

comment:5 Changed 14 months ago by arthuredelstein

Keywords: TorBrowserTeam201705R added
Status: newneeds_review

Have looked at the social.* prefs and the associated code, I think it makes sense to disable these. Here's a patch to do that:

https://github.com/arthuredelstein/tor-browser/commit/13612

comment:6 Changed 14 months ago by gk

Resolution: fixed
Status: needs_reviewclosed

Looks good to me. Applied to tor-browser-52.1.0esr-7.0-2 as commit bd30c7b878b8c4a3a033db65f1f6dbfa46f543d4.

comment:7 Changed 5 months ago by arthuredelstein

Keywords: tbb-no-uplift added

comment:8 Changed 5 months ago by arthuredelstein

Keywords: tbb-no-uplift removed
Note: See TracTickets for help on using tickets.