[Tails-dev] NoScript 2.6.9.15

Delete this message

Reply to this message
Autor: jvoisin
Data:  
A: tails-dev >> The Tails public development discussion list
Assumpte: [Tails-dev] NoScript 2.6.9.15
Hello,

it seems that the latest Tails (1.3) ships with a vulnerable version of
NoScript, that allows to bypass the "Disable Scripts" settings. I know
that this is outside the threat model of Tails, since scripts are
enabled by default, but since some users are manually activating this
setting, I think that it's still relevant.

Anyway, I wrote a quick'n'dirty proof of concept for this vuln, if you
want to play a bit with it:
http://dustri.org/b/noscript-script-disabled-bypass-poc-for-tails-13.html

Cheers,