-
Georg Koppen authored
Our work around for https://bugzilla.mozilla.org/show_bug.cgi?id=863246 is filtering content requests to resource:// and chrome:// URIs in a way that neuters this fingerprinting vector while not breaking standard Tor Browser functionality. However, there are extensions like Session Manager that are broken with this strategy. Users who think having extensions like that one working is much more important than avoiding the possible information leakage associated with that get a preference they can toggle now. 'extensions.torbutton.resource_and_chrome_uri_fingerprinting' is by default 'false' but setting it to 'true' effectively disables our defense we developed in #8725 and related bugs.
84ff0075