|
[[!meta date="Sat, 04 May 2019 00:00:00 +0000"]]
|
|
|
[[!meta title="Tor Browser not safe without manual action"]]
|
|
|
[[!pagetemplate template="news.tmpl"]]
|
[[!pagetemplate template="news.tmpl"]]
|
|
[[!tag security/fixed]]
|
[[!tag security/fixed]]
|
|
<div class="caution">Tor Browser in Tails 3.13.1 is not safe to use
without taking the manual steps listed below each time you start
Tails!</div>
|
|
|
Starting from Friday May 3, a problem in *Firefox* and *Tor Browser* disabled all add-ons, especially *NoScript* which is used to:
|
|
|
Strengthen *Tor Browser* against some JavaScript attacks that can lead to compromised accounts and credentials on websites.
|
|
|
Enable or disable JavaScript on some websites using the *NoScript* interface, if you use it.
|
|
|
If *NoScript* is activated, the *NoScript* icon appears in the top-right corner and *Tor Browser* is safe:
|
|
|
[[!img news/version_3.13.2/with-noscript.png alt="" link="no"]]
|
|
|
If *NoScript* is deactivated, the *NoScript* icon is absent from the top-right corner and *Tor Browser* is unsafe:
|
|
|
[[!img news/version_3.13.2/without-noscript.png alt="" link="no"]]
|
|
|
Activate *NoScript* manually
|
|
|
To secure *Tor Browser* in Tails 3.13.1 or earlier, you must activate *NoScript* every time you start Tails:
|
|
|
Open the address <span class="command">about:config</span> in *Tor Browser*.
|
|
|
[[!img news/version_3.13.2/about-config.png link="no"]]
|
[[!img news/version_3.13.2/about-config.png link="no"]]
|
|
Click the **I accept the risk!** button.
|
|
|
At the top of the page, search for <span class="command">xpinstall.signatures.required</span>.
|
|
|
Double-click on the **xpinstall.signatures.required** line in the results to set its value to **false**.
|
|
|
Verify that *NoScript* is activated again.
|
|
