Project

General

Profile

Feature #7127

Evaluate Tor Browser's new JavaScript security enhancements

Added by anonym over 5 years ago. Updated about 5 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
-
Target version:
Start date:
04/27/2014
Due date:
% Done:

0%

Feature Branch:
Type of work:
Wait
Blueprint:
Starter:
No
Affected tool:
Browser

Description

We did not import commit 7febc36b4c770dec084def2696bd0f956ef9442f ("Add security enhancements suggested by Jesse Ruderman.") into our Iceweasel 24.5.0esr build since they hadn't been tested much in the wild at the time of building and so may introduce subtle regressions, which would be a shame for the Tails 1.0 release. This should be re-evaluated in time for Tails 1.1.

This change is already live in Tor Browser 3.6-beta-2, and will be in the stable 3.5.5 release AFAICT, so we should ask Mike Perry or the other TBB people how it all went.

History

#1 Updated by intrigeri over 5 years ago

  • Subject changed from Evaluate Tor Browser's new JS security enhancements to Evaluate Tor Browser's new JavaScript security enhancements

#2 Updated by intrigeri over 5 years ago

  • Type of work changed from Research to Wait

Let's wait for the TBB team's plans on https://trac.torproject.org/projects/tor/ticket/9387.

#3 Updated by intrigeri over 5 years ago

  • Assignee set to anonym

That's related to building our browser, so putting it on the RM's plate.

#4 Updated by anonym about 5 years ago

These settings are present in our 24.5.0esr-1+tails1~bpo70+1. However, they severely degrades JavaScript performance to the point where the TBB people are considering a revert.

#5 Updated by anonym about 5 years ago

It's gonna be in TBB 3.6.2, although it was moved from its dedicated commit into the general "Tor Browser's Firefox preference overrides" one. I say we keep these settings for now then, and ship them in Tails 1.0.1. Perhaps we should still keep this ticket around with the Tails_1.1 milestone so we track the progress on this front a bit more, since there's still no final decision really on the upstream ticket.

#6 Updated by intrigeri about 5 years ago

Agreed!

#7 Updated by intrigeri about 5 years ago

For the record: these new JS settings are now set in Tails 1.0.1, and in current testing/devel branch (#7379).

#8 Updated by intrigeri about 5 years ago

  • Status changed from Confirmed to Resolved

We've included these changes in Tails 1.0.1, and received very little complains, so I say we have no reason to deviate from the Tor Browser's settings here. If they decide to keep it, we'll keep it. If they drop it, we'll drop it as well.

#9 Updated by intrigeri about 5 years ago

The Tor Browser team is revisiting this decision: https://trac.torproject.org/projects/tor/ticket/12653

Also available in: Atom PDF