Trac issueshttps://gitlab.torproject.org/legacy/trac/-/issues2022-12-13T08:31:15Zhttps://gitlab.torproject.org/legacy/trac/-/issues/8324Tor Browser 2.3.25-4 crashes with Drag and Drop on Windows2022-12-13T08:31:15ZcypherpunksTor Browser 2.3.25-4 crashes with Drag and Drop on WindowsIn the past 24 hours my browser crashed like 30-40 times. This wasn't the case with the previous versions.
Heavy webpages and loading too many tabs of them was always freezing my browser but I don't think that they were crashing it. Sin...In the past 24 hours my browser crashed like 30-40 times. This wasn't the case with the previous versions.
Heavy webpages and loading too many tabs of them was always freezing my browser but I don't think that they were crashing it. Since 2.3.25-4 it brings my browser closer to crashing but that's not the only cause. For example, when I drag & drop a html or txt file to Tor Browser it mostly crashes. And I use the middle click scrolling too much and that's another trigger for crashing.
My OS: Windows 7 64 bitMike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/8312Remove "This Plugin is Disabled" click-through2020-06-15T23:36:31ZproperRemove "This Plugin is Disabled" click-throughI try a newbie user perspective...
> I just want to see that video. Let's go to that video site.
> Ok. Hmm. I see...
>> "The plugin is disabled.*
>> Manage plugins..."
> Click!
> Flash... Enable...
> Doesn't work. Let's try another page...I try a newbie user perspective...
> I just want to see that video. Let's go to that video site.
> Ok. Hmm. I see...
>> "The plugin is disabled.*
>> Manage plugins..."
> Click!
> Flash... Enable...
> Doesn't work. Let's try another page. It says...
>> "Click here to activate unknown plugin."
> Click!
And boom. The user shoot it's own feet.
The option "Tor Button -> Preferences -> Security Settings -> Disable Browser Plugins (such as Flash)" is checked.
I think this is a regression. If that Tor Button setting is set, plugins shouldn't get activated, unless that option gets unchecked.
Version: Tor Browser Bundle (2.3.25-4)Mike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/6386Deadlock/hang/crash on TBB New Identity2020-06-13T02:07:32ZMike PerryDeadlock/hang/crash on TBB New IdentityRecently, I've noticed occasional deadlock on New Identity, especially if the browser is busy doing network activity when it is clicked, but not always.
I have not yet established a solid repro case in order to debug it.Recently, I've noticed occasional deadlock on New Identity, especially if the browser is busy doing network activity when it is clicked, but not always.
I have not yet established a solid repro case in order to debug it.Mike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/6202Rewrite E4X cooke storing+parsing code2020-06-13T02:03:27ZMike PerryRewrite E4X cooke storing+parsing codeFirefox 15 deprecates support for E4X, which we use in Torbutton to read and write protected cookies and maybe for some other stuff too. We need to rewrite that code to use xpath, JXON, or DOM manipulations.
HTTPS-Everywhere chose DOM m...Firefox 15 deprecates support for E4X, which we use in Torbutton to read and write protected cookies and maybe for some other stuff too. We need to rewrite that code to use xpath, JXON, or DOM manipulations.
HTTPS-Everywhere chose DOM manipulations. See #5893.Mike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/8313Display a confirmation upon enabling Flash2013-03-14T21:13:41ZMike PerryDisplay a confirmation upon enabling FlashFor #7470, we've made it really easy to enable flash. In fact, there are now at least three separate routes through the UI to do this that all accomplish the same thing, and none of them really convey to the user what they are getting th...For #7470, we've made it really easy to enable flash. In fact, there are now at least three separate routes through the UI to do this that all accomplish the same thing, and none of them really convey to the user what they are getting themselves in to. We should find some way to attach an observer to the plugin controller that actually does this enabling, and display a confirmation dialog that asks the user if they really want to shoot themselves in the foot.
See also #8312.Mike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/5183Localize "Spoof English" prompt's radiobutton values2013-03-14T21:11:42ZRobert RansomLocalize "Spoof English" prompt's radiobutton valuesestebanm reproduced this bug with an “es_ES.UTF-8” locale. This isn't so bad for Spanish (in which “No” translates to “No”), but imagine this happening in a Korean or Farsi TBB.estebanm reproduced this bug with an “es_ES.UTF-8” locale. This isn't so bad for Spanish (in which “No” translates to “No”), but imagine this happening in a Korean or Farsi TBB.TorBrowserBundle 2.2.x-stableMike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/8335Torbutton 1.5 Causing Repeated HTTP Auth Prompts for Every Page2013-03-14T21:10:49ZTracTorbutton 1.5 Causing Repeated HTTP Auth Prompts for Every PageTor Browser Bundle (2.3.25-4) includes Torbutton 1.5 which appears to invalidate HTTP authentication after each page is loaded when the http authentication is on the root directory of the website.
This message appears in the Error Conso...Tor Browser Bundle (2.3.25-4) includes Torbutton 1.5 which appears to invalidate HTTP authentication after each page is loaded when the http authentication is on the root directory of the website.
This message appears in the Error Console after entering the authentication information into the HTTP auth prompt:
Torbutton NOTE: Removing 3rd party HTTP auth for url: [scrubbed]
The result is that the user must enter the HTTP authentication information for each page on the website.
There was no issue in prior releases of the Tor Browser Bundle.
The expected behavior is that the browser should store the http authentication credentials until Active Logins are clear or a New Identity is selected.
**Trac**:
**Username**: tas142TorBrowserBundle 2.3.x-stableMike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/8422DOM localStorage not cleared on New Identity2013-03-14T21:08:31ZMike PerryDOM localStorage not cleared on New Identityhttp://www.stevesouders.com/blog/2012/09/10/clearing-browser-data/ reveals that despite the documentation on MDC (https://developer.mozilla.org/en/DOM/Storage#Storage_location_and_clearing_the_data), window.localStorage is NOT cleared by...http://www.stevesouders.com/blog/2012/09/10/clearing-browser-data/ reveals that despite the documentation on MDC (https://developer.mozilla.org/en/DOM/Storage#Storage_location_and_clearing_the_data), window.localStorage is NOT cleared by the "cookie-changed" observer event. We need to clear it explicitly. Isn't that cute. Another evercookie vector.
Since we enabled DOM storage for FF17, this is a regression, and a pretty bad one at that.Mike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/8382IndexedDB and Offline Cache can get enabled, but New Identity doesn't clear them2013-03-14T21:08:27ZMike PerryIndexedDB and Offline Cache can get enabled, but New Identity doesn't clear themIn #3100, I made IndexedDB and the Offline Cache tied to the TBB disk pref. If you allow disk access, they're on. However, New Identity doesn't currently clear them.
The user is at least prompted before these caches are used, even if th...In #3100, I made IndexedDB and the Offline Cache tied to the TBB disk pref. If you allow disk access, they're on. However, New Identity doesn't currently clear them.
The user is at least prompted before these caches are used, even if they are enabled, but we still should probably clear them on New Identity...Mike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/8423TBB always clears cookies at shutdown2013-03-14T21:08:23ZMike PerryTBB always clears cookies at shutdownI just found some old cruft code that causes us to always clear our cookies, regardless of your disk prefs.I just found some old cruft code that causes us to always clear our cookies, regardless of your disk prefs.Mike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/8386Disable NoScript Audio/Video Click-to-Play2013-03-14T20:59:38ZMike PerryDisable NoScript Audio/Video Click-to-PlayThe NoScript barrier for HTML5 video really makes Youtube confusing. I think it might be time to declare that WebM and H.264 have had enough time in the sun to trust them to run by default. I haven't seen any vulnerabilities in WebM in t...The NoScript barrier for HTML5 video really makes Youtube confusing. I think it might be time to declare that WebM and H.264 have had enough time in the sun to trust them to run by default. I haven't seen any vulnerabilities in WebM in the Firefox advisory list, so perhaps it actually is a solid codec?Mike PerryMike Perry