
Bug #16706

NoScript gets disabled after a while

Added by anonym 6 months ago. Updated 6 months ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: -
Target version:
Start date:
Due date:
% Done: 0%
Feature Branch:
Type of work: Test
Blueprint:
Starter:
Affected tool: Browser

Description

It was discovered that the Tor Browser fix for #16694 (armagadd-on-2.0) isn't complete. All is fine on the first run, but if you restart Tor Browser it will eventually recheck NoScript's validity and fail. There will be a Tor Browser 8.0.9-build2 because of this. The situation is better for Tails thanks to our amnesic filesystem: each time you boot Tails you get a "first" start, unlike outside of Tails. So we can keep -build1 in Tails 3.13.2 and instruct users to not restart Tor Browser (restart Tails instead).

This should be fixed once we import Tor Browser in the next release.


Related issues

Related to Tails - Bug #16694: NoScript is disabled thanks to armagadd-on-2.0 Resolved
Related to Tails - Bug #16690: Upgrade to Tor Browser based on Firefox 60.7 Duplicate
Related to Tails - Feature #16337: Upgrade to Tor Browser 8.5 Resolved 03/15/2019
Blocks Tails - Feature #16209: Core work: Foundations Team Confirmed

History

#1 Updated by anonym 6 months ago

#2 Updated by intrigeri 6 months ago

  • Priority changed from Normal to High

#3 Updated by anonym 6 months ago

This can be used to trigger the validity check immediately (paste into javascript console via ctrl+shift+j):

ChromeUtils.defineModuleGetter(this, "XPIProvider", "resource://gre/modules/addons/XPIProvider.jsm");
XPIProvider.verifySignatures();

When I run this during the first start, everything is good, but after restarting it immediately triggers the bug. This verifies that the first start is not affected, so shipping -build1 should be fine.

#4 Updated by anonym 6 months ago

  • Priority changed from High to Normal

Downgrading severity now that we know -build1 is ok as long as users don't restart Tor Browser.

#5 Updated by intrigeri 6 months ago

> Downgrading severity now that we know -build1 is ok as long as users don't restart Tor Browser.

FTR I had upgraded priority for 3.14 (I thought this ticket was about 3.14), not for 3.13.2. Looks like we will have the fix in 3.14 anyway.

#6 Updated by intrigeri 6 months ago

  • Related to Bug #16694: NoScript is disabled thanks to armagadd-on-2.0 added

#7 Updated by intrigeri 6 months ago

  • Assignee set to segfault

segfault will check that this is fixed when he imports 8.5a12.

#8 Updated by intrigeri 6 months ago

  • Description updated (diff)

#9 Updated by intrigeri 6 months ago

  • Assignee changed from segfault to CyrilBrulebois

intrigeri wrote:

> segfault will check that this is fixed when he imports 8.5a12.

Except that's now irrelevant since TB 8.5 will be released after next week's release ⇒ this needs to be done by whoever does #16690 (likely @CyrilBrulebois).

#10 Updated by intrigeri 6 months ago

  • Related to Bug #16690: Upgrade to Tor Browser based on Firefox 60.7 added

#11 Updated by anonym 6 months ago

  • Assignee deleted (CyrilBrulebois)

So I just read that "... everything is fine if you leave your Tor Browser open and don't do a New Identity" (source) which indicates that the New Identity feature could make NoScript disappear again, which sounds pretty bad for our users. That is contrary to what he said when I asked him before he posted that, because I actually had thought about this angle before deciding to go with -build1.

Anyway, I have tried the reproducer after triggering a New Identity in Tails 3.13.2, and the bug does not occur, i.e. NoScript remains! Yay! So everything is good, and this is just a big nothing, but I thought it useful to document it somewhere.

#12 Updated by intrigeri 6 months ago

  • Assignee set to CyrilBrulebois

(Reverting change that was presumably unintentional.)

#13 Updated by intrigeri 6 months ago

#14 Updated by segfault 6 months ago

> Anyway, I have tried the reproducer after triggering a New Identity in Tails 3.13.2, and the bug does not occur, i.e. NoScript remains! Yay! So everything is good, and this is just a big nothing, but I thought it useful to document it somewhere.

Same for 8.5-build2. Triggered new Identity and started the browser a second time and NoScript remains.

#15 Updated by intrigeri 6 months ago

> Same for 8.5-build2. Triggered new Identity and started the browser a second time and NoScript remains.

Next step: try #16706#note-3 after a restart.

#16 Updated by intrigeri 6 months ago

  • Assignee changed from CyrilBrulebois to anonym
  • QA Check set to Info Needed

@anonym, could you please explain how to "paste into javascript console via ctrl+shift+j"? Neither segfault nor myself managed to follow these instructions.

#17 Updated by intrigeri 6 months ago

  • Assignee deleted (anonym)
  • Target version changed from Tails_3.14 to Tails_3.15
  • QA Check deleted (Info Needed)

Actually, I can't see the prompt line (at the bottom of the "Browser Console" window) in an ISO built from #16337, while I can see it both in Tor Browser 8.0.9 running outside of Tails, and in Tails 3.13.2 (8.0.9 as well). So of course we can't paste JS code in a non-visible prompt :/ Same problem in 8.5-build2 started outside of Tails (no AppArmor confinement). This seems to be an 8.5 regression, I'll ensure it's known upstream (@segfault). Let's not block on this for 3.14 given this ticket is really about triple-checking something.

#18 Updated by intrigeri 6 months ago

> This seems to be an 8.5 regression, I'll ensure it's known upstream.

https://trac.torproject.org/projects/tor/ticket/30530

#19 Updated by intrigeri 6 months ago

  • Assignee set to intrigeri
  • Target version changed from Tails_3.15 to Tails_3.14
  • Type of work changed from Wait to Test

On 8.5, we won't be able to use the tweak anonym documented. So the only way to triple-check this is to start Tails with Tor Browser 8.5, start Tor Browser, restart it just to be sure, and then leave it running and online for more than 24h. I'll try to do that before 3.14 but if I don't manage to, let's give up, rely on anonym's testing and Mozilla + Tor Browser folks, and close this as resolved.

#20 Updated by intrigeri 6 months ago

intrigeri wrote:

> On 8.5, we won't be able to use the tweak anonym documented. So the only way to triple-check this is to start Tails with Tor Browser 8.5, start Tor Browser, restart it just to be sure, and then leave it running and online for more than 24h. I'll try to do that before 3.14

Timestamp: Tor Browser started.

#21 Updated by intrigeri 6 months ago

  • Status changed from Confirmed to In Progress

#22 Updated by intrigeri 6 months ago

  • Status changed from In Progress to Fix committed
  • Assignee deleted (intrigeri)

OK, thanks to GeKo I learnt that one can enable the Browser Console with the devtools.chrome.enabled pref. Then I've run the 2 lines of code that anonym provided above, got a pending promise back, so I saved it to a variable p = XPIProvider.verifySignatures();, and then typed p to evaluate it again and again until its state became "fulfilled". Then I checked about:addons and NoScript is still enabled. So calling this fixed.
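
The check described in notes 3 and 22, written as a before/after comparison so the result does not depend on re-evaluating the promise by hand. This is an added example, not code from the ticket or from Tails/Tor Browser; the function names, the verdict strings and the NoScript add-on ID are not on this page, and the example assumes `AddonManager.getAddonByID` returns a promise in the browser version under test.

```javascript
// Added example. Assumes a chrome-privileged Browser Console
// (devtools.chrome.enabled) where XPIProvider and AddonManager can be loaded.
const NOSCRIPT_ID = "{73a6fe31-595d-460b-a920-fcc0f8843232}"; // NoScript's add-on ID (not from the ticket)

// Copy only the fields that show whether the add-on was disabled by the check.
function snapshot(addon) {
  if (!addon) return null; // add-on not installed
  return {
    version: addon.version,
    isActive: addon.isActive,
    appDisabled: addon.appDisabled,   // disabled by the application (e.g. signature failure)
    userDisabled: addon.userDisabled, // disabled by the user in about:addons
    signedState: addon.signedState,
  };
}

// Force the signature recheck and compare the add-on's state before and after.
async function recheckSignature(xpiProvider, addonManager, addonId) {
  const before = snapshot(await addonManager.getAddonByID(addonId));
  // Note 22 reports that this call returns a promise; wait for it to settle.
  await xpiProvider.verifySignatures();
  const after = snapshot(await addonManager.getAddonByID(addonId));

  let verdict;
  if (!before || !after) verdict = "not-installed";
  else if (!before.isActive) verdict = "already-inactive"; // bug hit earlier, or user-disabled
  else if (after.isActive && !after.appDisabled) verdict = "still-enabled";
  else verdict = "disabled-by-recheck"; // the behaviour this ticket is about
  return { addonId, verdict, before, after };
}

// Browser Console usage (modules loaded the same way as in note 3):
//   ChromeUtils.defineModuleGetter(this, "XPIProvider", "resource://gre/modules/addons/XPIProvider.jsm");
//   ChromeUtils.defineModuleGetter(this, "AddonManager", "resource://gre/modules/AddonManager.jsm");
//   recheckSignature(XPIProvider, AddonManager, NOSCRIPT_ID).then(console.log);
```

Run it once on the first start and again after restarting the browser; a `disabled-by-recheck` verdict on the second run reproduces the bug.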

#23 Updated by CyrilBrulebois 6 months ago

  • Status changed from Fix committed to Resolved
