Privacy Patch: Don't expose navigator.AddonManager to content (from tor browser) #204
Comments
ilikenwf
changed the title
|
Will look into this as well. Will probably remove it as we move away from the AMO. |
|
Nice - so you're going to start hosting the "full" addons eventually?
Either way there are lots of tor browser commits we could probably fit into
Waterfox as many of them just harden privacy and security without breaking
any functionality.
…On Mon, Sep 4, 2017 at 8:41 PM, Alex Kontos ***@***.***> wrote:
Will look into this as well. Will probably remove it as we move away from
the AMO.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#204 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAZUOpF4999YNovMCAqSlJfQLTklBreJks5sfGBmgaJpZM4PLHr6>
.
|
|
@MrAlex94 in v68 we should default privacy.resistFingerprinting.block_mozAddonManager to true as they added a hidden pref for it. This and many other things are already set in the ghacks user.js file - it would be nice to see some kind of integration of that project and the user-overrides method someday... Until then a few of my tickets could probably be solved using settings from ghacks user.js |
Just to point out, Waterfox 56 has this pref too - #449 |
|
I guess we can leave it open so we can default both. |
Unfortunately it looks like making this default isn't viable. Apparently that broke AMO for some Mac OS users - #1350 |
While other Tor privacy patches and commits exist, this one is yet another that will prevent "privileged" sites from getting a list of our installed addons. This one doesn't seem to be slated for upstream use in Firefox mainline yet.
There are others like this one that would be beneficial since most are used with options, IE the one that allows setting the max number of fonts used per page.
https://gitweb.torproject.org/tor-browser.git/patch/?id=5493716
The text was updated successfully, but these errors were encountered: