Opened 9 months ago

Last modified 4 months ago

#32536 new defect

Security level set to "Safest" but JavaScript still Enabled.

Reported by: tor70001 Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: noscript
Cc: ma1 Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

TorBrowser 9.0.1 on Whonix.

Everything worked fine before. When the level was set to "Safest", JS was disabled. But now, out of thin air, it started lying. Set to "Safest" but doesn't block JS. I don't update or somehow mess with the torbrowser config. It just started this.
I tried restarting TorBrowser and Whonix, same issue. Tested on several sites, all say JS is enabled.

Attachments (1)

js.png (51.3 KB) - added by tor70001 9 months ago.
screenshot

Change History (19)

Changed 9 months ago by tor70001

Attachment: js.png added

screenshot

comment:1 Changed 9 months ago by pili

I can't reproduce this with 9.5a2...

Can someone else on whonix and 9.0.1 try to reproduce?

Last edited 9 months ago by pili

comment:2 Changed 9 months ago by cypherpunks

Unfortunately, this is not just somebody's weird settings. Seen this on Windows. Switching to Safer and back seems to fix it, but the root cause is still unknown :(

comment:3 Changed 9 months ago by pili

Does this happen every time or only from the second time the browser has been started? If so, it could be related to #31094

Also, what happens if you download Tor Browser from our website directly? Does this behaviour still happen?

comment:4 Changed 9 months ago by cypherpunks

Oh shit! It happens again!
And the console is full of:

[NoScript] Policy was undefined, retrying in 1/2 sec... log.js:7:13
Error while fetching policy <unavailable> staticNS.js:56:21

(move it to the Tor Browser component at least)

comment:5 Changed 9 months ago by cypherpunks

Okay, got it. This is NoScript being unable to update itself sanely, so that all Tor Browsers updated to NoScript 11.0.9 are destroyed:

[11-22 05:22:18] Torbutton INFO: controlPort >> 650 STREAM 1194 FAILED 993 255.255.255.255:443 REASON=END REMOTE_REASON=NOROUTE
[11-22 05:22:18] Torbutton INFO: controlPort >> 650 STREAM 1194 CLOSED 993 255.255.255.255:443 REASON=END REMOTE_REASON=NOROUTE
Tor NOTICE: Have tried resolving or connecting to address '[scrubbed]' at 3 different places. Giving up.
<unavailable> SyncMessage.js:216:21

ticket:32549#comment:1

comment:6 Changed 9 months ago by arma

Component: Applications → Applications/Tor Browser
Owner: set to tbb-team
Priority: Immediate → Medium
Severity: Critical → Normal

comment:7 Changed 9 months ago by sysrqb

Cc: ma1 added
Keywords: noscript added

Cypherpunk, are there steps for reproducing this or does it seem random?

comment:8 Changed 8 months ago by cypherpunks

Just refreshed https://blog.torproject.org/ after hibernation and got again:

[11-27 04:03:27] Torbutton INFO: tor SOCKS: https://255.255.255.255/moz-extension://[NS UUID]%2Chttps%3A%2F%2Fblog.torproject.org%2F&url=https%3A%2F%2Fblog.torproject.org%2F&top=true&suspend=true via
                       torproject.org:bd3c437faec67f5a4d99a05f1db64101
[11-27 04:03:27] Torbutton INFO: controlPort >> 650 STREAM 468 NEW 0 255.255.255.255:443 SOURCE_ADDR=127.0.0.1:52645 PURPOSE=USER
[11-27 04:03:27] Torbutton INFO: controlPort >> 650 STREAM 468 SENTCONNECT 81 255.255.255.255:443
Error: Could not establish connection. Receiving end does not exist. SyncMessage.js:193:25
[11-27 04:03:28] Torbutton INFO: controlPort >> 650 STREAM 468 DETACHED 81 255.255.255.255:443 REASON=END REMOTE_REASON=NOROUTE
...

comment:9 Changed 8 months ago by cypherpunks

Finally, a clean new installation of torbrowser-install-9.0.1_en-US.exe reproduces this behavior after several hibernations.
Priority: Immediate → Medium
Severity: Critical → Normal
Revert!

comment:10 Changed 8 months ago by cypherpunks

Unfortunately, a clean new installation of torbrowser-install-9.0.2_en-US.exe with NoScript 11.0.9 integrated and no updates started to show the same behavior today :( So, it's not an update bug, but NoScript is totally broken!

comment:11 Changed 8 months ago by cypherpunks

New Identity doesn't fix the issue, but Restart does: looks like some sort of race condition, so the problem could be on your side.

comment:12 Changed 8 months ago by cypherpunks

Unfortunately, this is not just somebody's weird settings. Seen this on Windows. Switching to Safer and back seems to fix it, but the root cause is still unknown :(

Doesn't work for me. Switching levels just gives:

No matching message handler for the given recipient. 2 MessageChannel.jsm:964
    _handleMessage resource://gre/modules/MessageChannel.jsm:964

comment:13 Changed 8 months ago by adrelanos

Is this related to the NoScript default whitelist (#31798)? I.e., are just some pages such as google.com whitelisted, or is JavaScript allowed?

comment:14 Changed 8 months ago by cypherpunks

No, it is not related.

It is a shame that tbb-team doesn't give a shit about it for more than a month!

NoScript is auto-updated to 11.0.10, so that the testing should be restarted from the beginning with the new version, but setting extensions.webextensions.remote to false seems to be a workaround so far...

Last edited 8 months ago by cypherpunks

comment:15 Changed 7 months ago by cypherpunks

Clean new torbrowser-install-9.0.4_en-US.exe and the same shit. Is somebody going to fix it?

comment:16 Changed 7 months ago by cypherpunks

Huh, it also has a sex with CPU when a new tab is opened:

Error while fetching policy <unavailable> staticNS.js:56:21
[NoScript] Policy was undefined, retrying in 1/2 sec... log.js:7:13
Error while fetching policy <unavailable> staticNS.js:56:21
[NoScript] Policy was undefined, retrying in 1/2 sec... log.js:7:13
Error while fetching policy <unavailable> staticNS.js:56:21
[NoScript] Policy was undefined, retrying in 1/2 sec... log.js:7:13

comment:17 Changed 7 months ago by cypherpunks

aaaaaaaaaaaand, finally: the bug is that Firefox doesn't restart the dead WebExtensions Remote process!

comment:18 Changed 4 months ago by cypherpunks

Thanks to some changes in NoScript, it no longer crashes the WebExtensions Remote process.
Thanks to #33613, it disables JavaScript execution, as a safeguard, when Firefox doesn't restart the dead WebExtensions Remote process. Only #32549 remains in that situation.
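
Added example (not part of the ticket, and not Tor Browser or NoScript code): a JavaScript triage function that scans a saved browser console log for the error signatures quoted in comments 4, 5, 8, 12 and 16 and flags the state the reporters associate with "Safest" not blocking scripts. The function name, field names and the retry threshold are assumptions made for illustration.

```javascript
// Added example: triage of a saved Tor Browser console log for the error
// signatures quoted in this ticket. Names and threshold are assumptions.
const SIGNATURES = [
  { id: "policyUndefined", re: /\[NoScript\] Policy was undefined, retrying/ },
  { id: "policyFetchError", re: /Error while fetching policy/ },
  { id: "noReceiver", re: /Could not establish connection\. Receiving end does not exist/ },
  { id: "noHandler", re: /No matching message handler for the given recipient/ },
  // Stream to 255.255.255.255:443 ending in NOROUTE, as in comments 5 and 8.
  { id: "noRouteStream", re: /STREAM \d+ \w+ \d+ 255\.255\.255\.255:443 REASON=END REMOTE_REASON=NOROUTE/ },
];

function triageConsoleLog(text, retryLoopThreshold = 3) {
  const counts = Object.fromEntries(SIGNATURES.map((s) => [s.id, 0]));
  for (const line of text.split(/\r?\n/)) {
    for (const { id, re } of SIGNATURES) {
      if (re.test(line)) counts[id] += 1;
    }
  }
  // Assumption: one "Policy was undefined" line can be a startup transient;
  // a run of them means the content side never received a policy.
  const retryLoop = counts.policyUndefined >= retryLoopThreshold;
  // Messaging errors mean nothing answers on the extension side.
  const messagingDead = counts.noReceiver + counts.noHandler > 0;
  return { counts, retryLoop, messagingDead, enforcementSuspect: retryLoop || messagingDead };
}

// Lines copied from comments 8 and 16 of this ticket.
const SAMPLE_FROM_TICKET = [
  ...Array(3).fill([
    "Error while fetching policy <unavailable> staticNS.js:56:21",
    "[NoScript] Policy was undefined, retrying in 1/2 sec... log.js:7:13",
  ]).flat(),
  "Error: Could not establish connection. Receiving end does not exist. SyncMessage.js:193:25",
  "[11-27 04:03:28] Torbutton INFO: controlPort >> 650 STREAM 468 DETACHED 81 255.255.255.255:443 REASON=END REMOTE_REASON=NOROUTE",
].join("\n");

// Constructed sample: a single retry followed by unrelated output.
const SAMPLE_QUIET = [
  "[NoScript] Policy was undefined, retrying in 1/2 sec... log.js:7:13",
  "[constructed] unrelated console message",
].join("\n");

console.log(triageConsoleLog(SAMPLE_FROM_TICKET));
console.log(triageConsoleLog(SAMPLE_QUIET));
```

When `enforcementSuspect` is true, treat the displayed security level as unverified and restart the browser, which comment 11 reports as clearing the condition.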
