Opened 6 weeks ago

Last modified 8 days ago

#32333 needs_information defect

NoScript remembers settings on browser quit

Reported by: kromek Owned by: tbb-team
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-9.0-issues, noscript, TorBrowserTeam201912
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Despite having "extensions.torbutton.noscript_persist" set to "false", NoScript still remembers trusted sites after quitting the browser. I'm using safest security settings on Debian 10.

This is a big privacy risk because I accidentally created a unique ruleset this way.

Child Tickets

Change History (10)

comment:1 Changed 6 weeks ago by kromek

UPDATE: It seems to reproduce the issue, you have to allow restrictions globally and restart the browser. It will still have disabled restrictions, and from now on, even if you enable restrictions again, it will start remembering ruleset of websites you set to TRUSTED.

comment:2 in reply to:  1 ; Changed 6 weeks ago by gk

Status: newneeds_information

Replying to kromek:

UPDATE: It seems to reproduce the issue, you have to allow restrictions globally and restart the browser. It will still have disabled restrictions, and from now on, even if you enable restrictions again, it will start remembering ruleset of websites you set to TRUSTED.

What do you mean by "allow restrictions globally"? Could you give us complete steps to reproduce this issue?

comment:3 in reply to:  2 Changed 6 weeks ago by kromek

Replying to gk:

Replying to kromek:

UPDATE: It seems to reproduce the issue, you have to allow restrictions globally and restart the browser. It will still have disabled restrictions, and from now on, even if you enable restrictions again, it will start remembering ruleset of websites you set to TRUSTED.

What do you mean by "allow restrictions globally"? Could you give us complete steps to reproduce this issue?

Sorry, I meant like this:

  • Disable restrictions globally (the S! button)
  • restart the browser
  • restrictions will still be disabled globally (they shouldn't be), so undo that manually
  • go to any website and make it TRUSTED (permanently, not temp.)
  • restart the browser and visit the website again: it will still be trusted and JS enabled for it
Last edited 6 weeks ago by kromek (previous) (diff)

comment:4 Changed 5 weeks ago by gk

Component: ApplicationsApplications/Tor Browser
Version: Tor: 0.4.2.3-alpha

Closing #32337 as duplicate.

comment:5 Changed 5 weeks ago by sysrqb

Keywords: tbb-9.0-issues noscript TorBrowser201911 added
Owner: set to tbb-team
Severity: MajorNormal
Status: needs_informationassigned

Did this only begin in Tor Browser 9? Did you upgrade from Tor Browser 8.5 or is this a new installation?

comment:6 Changed 5 weeks ago by sysrqb

Status: assignedneeds_information

comment:7 Changed 5 weeks ago by sysrqb

Keywords: TorBrowserTeam201911 added; TorBrowser201911 removed

comment:8 in reply to:  5 Changed 5 weeks ago by kromek

Replying to sysrqb:

Did this only begin in Tor Browser 9? Did you upgrade from Tor Browser 8.5 or is this a new installation?

Yes, it began in Tor Browser 9. Previously the issue was non-existent. It remains a bug in 9.0.1.
It happens in new "installation" which in my case is unpacking the TBB on Debian.

Last edited 5 weeks ago by kromek (previous) (diff)

comment:9 Changed 9 days ago by pili

Keywords: TorBrowserTeam201912 added; TorBrowserTeam201911 removed

Moving tickets to December

comment:10 Changed 8 days ago by kromek

Still happening on 9.0.2

Note: See TracTickets for help on using tickets.