Hello, it seems that the latest Tails (1.3) ships with a vulnerable version of NoScript, that allows to bypass the "Disable Scripts" settings. I know that this is outside the threat model of Tails, since scripts are enabled by default, but since some users are manually activating this setting, I think that it's still relevant.
Anyway, I wrote a quick'n'dirty proof of concept for this vuln, if you want to play a bit with it: http://dustri.org/b/noscript-script-disabled-bypass-poc-for-tails-13.html Cheers, _______________________________________________ Tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to [email protected].
