Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#7128 closed defect (fixed)

Tor Browser crashes when clicking on link

Reported by: proper Owned by: mikeperry
Priority: Very High Milestone:
Component: TorBrowserButton Version:
Severity: Keywords: MikePerry201210
Cc: proper, erinn Actual Points: 3
Parent ID: Points:
Reviewer: Sponsor:

Description

How to reproduce:

  • http://askubuntu.com/
  • click on log in
  • click on log in with stack exchange
  • Wait maybe 20 seconds until you see "You can continue and log in manually here however.". Wait until the loading button stops. Will take a few seconds.
  • Click on it.
  • Nothing happens.
  • Click on it again.
  • Firefox terminates.

Affected version:

  • Tor Browser Bundle version 2.2.39-3
  • Tor Button 1.4.6.3
  • Firefox 10.0.0.9 ESR

Unaffected version:

  • Tor Browser Bundle version 2.2.39-1
  • Tor Button 1.4.6.3
  • Firefox 10.0.7 ESR

Child Tickets

Change History (5)

comment:1 Changed 7 years ago by mikeperry

Actual Points: 2
Keywords: MikePerry201210 added
Resolution: fixed
Status: newclosed

Ok, I think I got to the bottom of this. Turns out NoScript's ClearClick was creating and HTML5 canvas with no context. This was causing us to deref a null window pointer in the new ThirdPartyUtil::GetFirstPartyURI() call when we checked permissions for access to the canvas image data as part of #6253.

I pushed an updated patch for the GetFirstPartyURI() call to maint-2.2. I also filed #7130 to solve the deeper issue of why NoScript has no context for the API call and/or to whitelist chrome callers for the canvas patch.

comment:2 Changed 7 years ago by mikeperry

Actual Points: 23

comment:3 Changed 7 years ago by mikeperry

Oh, as a workaround, you can set noscript.clearClick to 0 in about:config, and I think that should stop the crash bug.

comment:4 Changed 7 years ago by runa

Do you know when this fix will be released?

comment:5 in reply to:  4 Changed 7 years ago by mikeperry

Cc: erinn added

Replying to runa:

Do you know when this fix will be released?

I informed Erinn about it as soon as I pushed the fix 6 days ago. Haven't heard back yet. She was in the middle of working on TBB-alpha releases, which also need to include this fix. Not sure if that complicated things.

Note: See TracTickets for help on using tickets.