Opened 16 months ago

Last modified 8 months ago

#19907 new defect

NoScript could not be verified and gets disabled after restart

Reported by: gk Owned by: tbb-team
Priority: Very High Milestone:
Component: Applications/Tor Browser Version:
Severity: Major Keywords: tbb-security
Cc: mcs, brade, arthuredelstein Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

We have at least two bug reports about NoScript getting disabled (presumably after an extension update happened) because it could not get verified. It might be related to #19491 but that is not known.

Child Tickets

Change History (6)

comment:1 Changed 16 months ago by gk

Component: - Select a componentApplications/Tor Browser
Owner: set to tbb-team

Thanks to a user on IRC (femme) we did try to debug this a bit but enabling extensions.logging.enabled does not shine any light on this issue. I wonder if anybody could come up with a good idea to debug this. Maybe we should ship with extra debugging code for this case until we tracked the thing down?

I also wonder whether Mozilla has heard from this and has any ideas given that we do not change any code with respect to NoScript's signing state..

comment:2 Changed 16 months ago by gk

The extension is fine it is just that the signature verification fails in rare cases for some reason and NoScript is then stuck in the "disabled" bucket.

comment:3 Changed 16 months ago by gk

Maybe we could trigger a signature re-check at every start somehow?

comment:4 in reply to:  2 Changed 16 months ago by mcs

Replying to gk:

The extension is fine it is just that the signature verification fails in rare cases for some reason and NoScript is then stuck in the "disabled" bucket.

Is this affecting other extensions (e.g., for Firefox users)? It seems like even a rare "false failure" will cause a lot of problems.

comment:5 Changed 16 months ago by bugzilla

As you pay much attention to this issue (dunno why), here are some thoughts on the topic:
What really should be done is a warning about that some component has failed to initialize.
As reports about NoScript started to appear more often, last updates of NoScript could be the reason. The scenario is: user starts TBB and NoScript prepares to update, say .13 to .14; then TBB finds its new version and prepares to update; user restarts TBB and Check Add-on for Compatibility is invoked by NoScript update, but there is no Tor connection ready to check the signature (plus some bugs with early network connections might exist), so initialization fails. (The same is for HTTPSE) Firefox users are not affected, because of existed connection or no bugs with handling of it.

comment:6 Changed 8 months ago by linda

Keywords: tbb-usability removed

Thanks for marking this with usability keyword. The UX team triaged the ticket and realize that the fix does not require our assistance, so we are removing the keyword as part of our triage.

Note: See TracTickets for help on using tickets.