Opened 3 months ago

Last modified 3 months ago

#30402 new defect

Expired Certificate and "Explore Privately"

Reported by: Crissy2 Owned by: tbb-team
Priority: Very High Milestone:
Component: Applications/Tor Browser Version:
Severity: Critical Keywords:
Cc: tbb-team Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Preventing mark as duplicated: I have read #30388 bug.

If an mandatory certificate expires (In Tor Browser, mozilla or any mandatory add-on, Tor Browser should close all tabs before disabling addon.

An add-on was disabled and... all run websites start grab my identifying data. The yellow bar information is not correct solution because i can be AFK (scripts continue running).

The correct solution:
If TorBrowser starts with bad certificate, there shall be visible:
"Something went wrong" instead of "Explore. Privately". Additionally there shall be shown description of reason if is known.

If certificate becomes invalid during work, Tor Browser should close all tabs (without showing the ask "Do you really close this tab" etc.) and show the "Something went wrong" screen.

Disabling add-ons during work of TB is very silly idea if this add-on raises privacy <facepalm>

BTW. Why TBB has not built-in NoScript version that haven't to be verified?

People still can download affected TBB without working NoScript. The download link should stop to work or indicate a properly running version (also if alfa!!!)

Child Tickets

Change History (2)

comment:1 Changed 3 months ago by Crissy2

Additionally, TorBrowser should show a warning if certificate expiration is nearing.

comment:2 Changed 3 months ago by cypherpunks

+1

Note: See TracTickets for help on using tickets.