1.3.x: tor:// URL support may allow attacks on Torbutton
[https://twitter.com/egyp7/status/26023995288]
Mike Perry thinks this tweet is about the possibility that a web site could detect the presence of Torbutton by putting a tor: URL in an IFRAME and measuring how long Firefox takes to report a page-not-found error -- if Torbutton is not installed, it fails immediately; if Torbutton is installed, it waits until the user responds to a pop-up dialog, and then either fails the load attempt or switches into Tor mode and loads the URL.
The warning dialogs might also allow a DoS attack on Torbutton users -- JavaScript can repeatedly add IMG tags to a page with tor: source URLs, and the repeated popups will make a user's browser unusable.