Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#20123 closed defect (fixed)

consider blocking remote jar files at Low Security

Reported by: arthuredelstein
Owned by: tbb-team
Priority: Medium
Milestone:
Component: Applications/Tor Browser
Version:
Severity: Normal
Keywords: ff52-esr, tbb-security-slider, TorBrowserTeam201609R
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Mozilla recently blocked remote jar files by default:

https://bugzilla.mozilla.org/show_bug.cgi?id=1215235

Then they had to re-enable the remote jar files again in the release, because users of IBM iNotes (some sort of webmail thing) ran into an incompatibility.

https://bugzilla.mozilla.org/show_bug.cgi?id=1255139

In any case, Mozilla's intention is to block by default again in the future. So when that happens, if not sooner, we should ensure that our security slider is not re-enabling remote jar files at Low Security.
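
A check for the requirement in the description, as an added example that is not from the ticket or the torbutton patch: it parses `user_pref` lines to find a profile's effective remote-jar setting, then lists the slider levels at which remote jar files would still load. The pref name `network.jar.block-remote-files` is assumed from the Mozilla bug linked above; the slider table layout, the level names and the sample prefs are constructed.

```javascript
// Added example. Pref name assumed from Mozilla bug 1215235; the ticket does not state it.
const JAR_PREF = "network.jar.block-remote-files";

// Parse user_pref("name", value); lines (prefs.js / user.js syntax) into a Map.
function parsePrefs(text) {
  const prefs = new Map();
  const re = /^[ \t]*user_pref\(\s*"([^"]+)"\s*,\s*(true|false|-?\d+|"[^"]*")\s*\)\s*;/gm;
  for (const [, name, raw] of text.matchAll(re)) {
    const value = raw === "true" ? true
      : raw === "false" ? false
      : raw.startsWith('"') ? raw.slice(1, -1) : Number(raw);
    prefs.set(name, value); // a later line overrides an earlier one
  }
  return prefs;
}

// Effective value given files in load order (prefs.js, then user.js),
// falling back to the browser's built-in default.
function effectivePref(name, files, builtinDefault) {
  let value = builtinDefault;
  for (const text of files) {
    const prefs = parsePrefs(text);
    if (prefs.has(name)) value = prefs.get(name);
  }
  return value;
}

// Hypothetical slider table: { pref: { level: value } }. A level the table
// does not set inherits the profile's effective value. Returns the levels
// at which remote jar files would still load.
function levelsAllowingRemoteJar(sliderTable, levels, profileValue) {
  const perLevel = sliderTable[JAR_PREF] || {};
  return levels.filter((lvl) => {
    const v = lvl in perLevel ? perLevel[lvl] : profileValue;
    return v !== true; // only an explicit boolean true counts as blocked
  });
}

// Constructed sample input, not taken from a real profile.
const PREFS_JS = 'user_pref("browser.startup.page", 0);\n' +
  'user_pref("network.jar.block-remote-files", true);\n';
const USER_JS = '// user_pref("network.jar.block-remote-files", true);\n' +
  'user_pref("network.jar.block-remote-files", false);\n';
const LEVELS = ["low", "medium", "high"]; // hypothetical level names
const profile = effectivePref(JAR_PREF, [PREFS_JS, USER_JS], false);
const weak = { [JAR_PREF]: { medium: true, high: true } }; // low inherits
const fixed = { [JAR_PREF]: { low: true, medium: true, high: true } };
console.log(profile, levelsAllowingRemoteJar(weak, LEVELS, profile), levelsAllowingRemoteJar(fixed, LEVELS, profile));
```

With the constructed input, the `weak` table leaves the low level exposed because the profile's own value is `false`, while the `fixed` table pins the pref at every level.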

Change History (5)

comment:1 Changed 3 years ago by gk

Keywords: ff52-esr tbb-security-slider added

Sounds good to me. I guess we can consider it already for 6.5.

comment:2 in reply to:  description Changed 3 years ago by bugzilla

Replying to arthuredelstein:

> Mozilla recently blocked remote jar files by default:

And you should.

> Then they had to re-enable the remote jar files again in the release, because users of IBM iNotes (some sort of webmail thing) ran into an incompatibility.

IBM fixed it.

> In any case, Mozilla's intention is to block by default again in the future. So when that happens, if not sooner, we should ensure that our security slider is not re-enabling remote jar files at Low Security.

Last time such an operation was called "exempt" (#18557).

comment:3 Changed 3 years ago by arthuredelstein

Status: new → needs_review

comment:4 Changed 3 years ago by gk

Resolution: fixed
Status: needs_review → closed

Looks good. Applied to torbutton master (commit 958d858f568a39fac1e1769745ffad402ee87c84) and tor-browser-45.4.0esr-6.5-1 (commit 01d246a535b34248b06e03c4f475387e75a172c3).

comment:5 Changed 3 years ago by gk

Keywords: TorBrowserTeam201609R added