Opened 7 weeks ago

Closed 3 weeks ago

#31322 closed defect (fixed)

Fix about:tor assertion failure in esr68 linux debug builds

Reported by: acat Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: ff68-esr, tbb-9.0-must-alpha, TorBrowserTeam201908R
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor: Sponsor44-can

Description

I found this assertion failure when testing #30429 in linux, debug build. It happens when loading about:tor:

Assertion failure: foundDefaultSrc (about: page must contain a CSP including default-src), at /home/user/tor/tor-browser/dom/base/Document.cpp:5179

We should investigate this, but not sure if it's tbb-9.0-must-nightly.

Child Tickets

Change History (7)

comment:1 Changed 6 weeks ago by gk

Keywords: tbb-9.0-must-alpha TorBrowserTeam201908 added

Let's put it into our alpha-must category. The earlier we fix it the better, though.

comment:2 Changed 6 weeks ago by pili

Sponsor: Sponsor44-can

Adding Sponsor 44 to ESR68 tickets

comment:3 Changed 6 weeks ago by acat

Keywords: TorBrowserTeam201908R added; TorBrowserTeam201908 removed
Status: newneeds_review

comment:4 Changed 6 weeks ago by mcs

r=brade,r=mcs

We did not test this but it looks good.
Kathy and I don't know enough about the security implications of using unsafe-inline; do we need to file a new ticket about removing the need for that option?

comment:5 Changed 5 weeks ago by acat

I filed #31395, I think it's good to remove the inline script + unsafe-inline in the CSP, but not a security issue in this context.

comment:7 Changed 3 weeks ago by gk

Resolution: fixed
Status: needs_reviewclosed

Looks good, thanks! Merged to master (commit f4530dc77da1a2c204674be33797d399c2bf597c)

Note: See TracTickets for help on using tickets.