summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorsajolida <sajolida@pimienta.org>2019-05-06 14:05:23 +0000
committersajolida <sajolida@pimienta.org>2019-05-06 14:05:23 +0000
commit0a3214af4e178ec4220f300c551da02699e3122f (patch)
treeda10a04f25947edca2677718508fa6a4e0c0d311
parent3b6e93099c3057c9d758242bbc1aa70ae2777b9c (diff)
Reuse the release notes to improve the security advisory
-rw-r--r--wiki/src/security/noscript_disabled_in_tor_browser.mdwn66
1 files changed, 48 insertions, 18 deletions
diff --git a/wiki/src/security/noscript_disabled_in_tor_browser.mdwn b/wiki/src/security/noscript_disabled_in_tor_browser.mdwn
index 6209a95..21c0117 100644
--- a/wiki/src/security/noscript_disabled_in_tor_browser.mdwn
+++ b/wiki/src/security/noscript_disabled_in_tor_browser.mdwn
@@ -7,21 +7,51 @@
without taking the manual steps listed below each time you start
Tails!</div>
-Due to [a mistake in Mozilla's signing
-infrastructure](https://bugzilla.mozilla.org/show_bug.cgi?id=1548973)
-all Firefox and Tor Browser add-ons are currently disabled, which
-disables important protections (the NoScript add-on) for Tails users.
-
-To secure your Tor Browser you must follow these steps each time you
-start Tails 3.13.1:
-
- 1. Open the address `about:config` in the Tor Browser address bar
- 2. Click the "I accept the risk!" button
- 3. At the top of the page, search for
- `xpinstall.signatures.required`
- 4. Set the `xpinstall.signatures.required` entry to **false** by
- double clicking it
-
-To the right of the address bar an icon with a blue S (and possibly a
-red question mark or other variations) should appear, and this
-indicates that your browser is safe again.
+Starting from Friday May 3, a problem in *Firefox* and *Tor Browser*
+disabled all add-ons, especially *NoScript* which is used to:
+
+- Most importantly, protect against a very strong fingerprinting
+ technique called *HTML5 canvas fingerprinting* which can break your
+ anonymity.
+
+ Using HTML5 canvas fingerprinting, 2 or more collaborating websites
+ can compare how graphics and text are displayed by your computer and
+ determine whether 2 website visits are coming from the same computer
+ or not.
+
+- Strengthen *Tor Browser* against some JavaScript attacks that can lead
+ to compromised accounts and credentials on websites.
+
+- Enable or disable JavaScript on some websites using the *NoScript*
+ interface, if you use it.
+
+If *NoScript* is activated, the *NoScript* icon appears in the top-left corner
+and *Tor Browser* is safe:
+
+[[!img news/version_3.13.2/with-noscript.png alt="" link="no"]]
+
+If *NoScript* is deactivated, the *NoScript* icon is absent from the top-left corner and *Tor Browser* is unsafe:
+
+[[!img news/version_3.13.2/without-noscript.png alt="" link="no"]]
+
+## Activate *NoScript* manually
+
+To secure *Tor Browser* in Tails 3.13.1 or earlier, you must activate
+*NoScript* every time you start Tails:
+
+1. Open the address <span class="command">about:config</span> in *Tor
+ Browser*.
+
+ [[!img news/version_3.13.2/about-config.png link="no"]]
+
+1. Click the **I accept the risk!** button.
+
+1. At the top of the page, search for
+ <span class="command">xpinstall.signatures.required</span>.
+
+1. Double-click on the **xpinstall.signatures.required** line in the
+ results to set its value to **false**.
+
+1. Verify that *NoScript* is activated again.
+
+ [[!img news/version_3.13.2/xpinstall-false.png link="no"]]