Opened 7 months ago

Last modified 7 months ago

#33614 new defect

Issue with NoScript in Tor Browser

Reported by: Tor235 Owned by: tbb-team
Priority: Very High Milestone:
Component: Applications/Tor Browser Version:
Severity: Critical Keywords: tbb-triage-level2-needed
Cc: ma1 Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


While using Tor Browser (set to the "safest" security level), upon visiting a website, the NoScript icon stopped having the red "do not enter" symbol -- instead, it had a question mark next to the "letter S".

Normally, with the security level set to "safest" and visiting a website that has scripts, the red "do not enter" symbol appears over the NoScript icon (i.e. it blocks scripts). This time, when visiting a website with scripts, the red "do not enter" symbol did NOT appear. When I clicked the NoScript icon, the following message appeared:

"In order to operate on this tab, NoScript needs to reload it. Proceed?"

My question is, when this happened, were the scripts blocked or not? Did the scripts on the website "leak" (i.e. not get blocked) in spite of the fact that I had the browser set to the "safest" security level?

Is this a known bug with NoScript? Did NoScript fail to block the scripts on the website I visited?

The Tor Browser used is/was version 9.0.6.

Child Tickets

Change History (2)

comment:1 Changed 7 months ago by pili

Cc: ma1 added
Keywords: tbb-triage-level2-needed added
Version: Tor: unspecified

comment:2 Changed 7 months ago by ma1

This most likely happened when you received the update from 11.0.15 to 11.0.17, and it's due to the new version not being able to exchange messages with the "old" content script on the page.

If everything was back to normal after reloading the page(s) you don't need to worry, as each page (even before the reload) was keeping its restrictions enforced even though it was not able to notify the updated NoScript UI about them. Can you confirm this is the case?

I understand this is confusing, and unfortunately is likely to happen on each update :(
I still need to figure out an acceptable work-around.

Last edited 7 months ago by ma1 (previous) (diff)
Note: See TracTickets for help on using tickets.