-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It should be noted that this regression (introduced in 2.6.9.13 and fixed in 2.6.9.15) is mitigated by the data: URI content being run with a null principal, i.e. being considered cross-domain in respect of any other document (including the page which originated it), therefore its ability to do nasty thing (e.g. reading cookies, collecting sensitive data or execute plugin content) is impaired.
You can observe this by replacing "alert(1)" with "alert(document.domain)" (you'll get an empty string) or "alert(opener.location.href)" (you'll throw a security error) in the provided PoC. However yes, upgrading to latest NoScript as soon as it's released is always advisable for security-minded users. - -- G On 01/03/2015 14:24, jvoisin wrote: > Hello, > > it seems that the latest Tails (1.3) ships with a vulnerable version of > NoScript, that allows to bypass the "Disable Scripts" settings. I know > that this is outside the threat model of Tails, since scripts are > enabled by default, but since some users are manually activating this > setting, I think that it's still relevant. > > Anyway, I wrote a quick'n'dirty proof of concept for this vuln, if you > want to play a bit with it: > http://dustri.org/b/noscript-script-disabled-bypass-poc-for-tails-13.html > > Cheers, > _______________________________________________ > Tails-dev mailing list > [email protected] > https://mailman.boum.org/listinfo/tails-dev > To unsubscribe from this list, send an empty email to [email protected]. - -- Giorgio Maone https://maone.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJU8x5KAAoJECMag6/anCQ0wv8H/RveJ1YUKPCE2arhXBMYpr0k 2LGIcjeF5yF1jxfJx183MwvQ1Mp59MQ8U/H4kBkZC8qFWntHi/6WoHYXDrVE3gsm 0BFwTdRadrkNb7Q3ctsVJj2GLJQvjzbEDHMH6BbHDoTz9/KsModSysDLegQcSf6L HlIcxokkb/x4pvxmhWyOlO8HoygKLIc1XFKUMb8QVnFf9u5FmStd/zKrbcCVmS91 aZeyc7pSZOFbxxqbCokJjopbq+DWaXxE/b//cA1Ltir5EMCWnZpRT6gAL4Zq2SQO NcTRhhrpVUZQgCTEcQ8RPxUaY3NVLdrv0dPdqf/rWJwq5x4usKgmvXT6U4iZ8Ks= =D1EL -----END PGP SIGNATURE----- _______________________________________________ Tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to [email protected].
