#25867 closed defect (invalid)

Update this part of the TB design doc

Reported by: cypherpunks Owned by: gk
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords:
Cc: gk Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

https://www.torproject.org/projects/torbrowser/design/#other-security

network.jar.block-remote-files is set to true. Mozilla tried to block remote JAR files in Firefox 45 but needed to revert that decision due to breaking IBM's iNotes. While Mozilla is working on getting this disabled again we take the protective stance already now and block remote JAR files even on the low security level.

Since https://bugzilla.mozilla.org/show_bug.cgi?id=1329336 has been fixed

(See https://bugzilla.mozilla.org/show_bug.cgi?id=1427726 as well but that's for the future 67 ESR.)

Child Tickets

Change History (1)

comment:1 Changed 20 months ago by gk

Resolution: invalid
Status: assignedclosed

Tor Browser is still based on ESR 52, so this ticket is actually invalid given that the bug you cite got fixed in Firefox 55 and not backported to ESR 52. But, yes, this is on my radar once we start the design doc update for Tor Browser 8.

Note: See TracTickets for help on using tickets.