Opened 3 years ago

Closed 3 years ago

#23044 closed defect (fixed)

Don't allow GIO supported protocols by default — at Version 1

Reported by: gk Owned by: tbb-team
Priority: Immediate Milestone:
Component: Applications/Tor Browser Version:
Severity: Blocker Keywords: tbb-proxy-bypass
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description (last modified by gk)

Firefox allows passing URLs along to the OS (by a whitelist) which is dangerous. We should avoid that.

Child Tickets

Change History (1)

comment:1 Changed 3 years ago by gk

Description: modified (diff)
Keywords: tbb-proxy-bypass added; tbb-gitian removed
Priority: MediumImmediate
Resolution: fixed
Severity: NormalBlocker
Status: newclosed
Summary: Replace stdole2.tlb with our own during build timeDon't allow GIO supported protocols by default

Fixes pushed to tor-browser-52.2.0esr-7.5-1 (commit a96f898e0da42de751a5e1367a9899cc96fadb1f) and tor-browser-52.2.0esr-7.0-1 (commit 720f9061496321aa978d2f022113c40e9aeb4847). They will show up in the next releases, 7.0.3 and 7.5a3.

Note: See TracTickets for help on using tickets.