Bug#720968: Enables javascript without asking

Klaus Ethgen Klaus at Ethgen.de
Mon Aug 26 17:31:37 UTC 2013


Package: iceweasel
Version: 23.0.1-1
Severity: grave

The newest iceweasel enables javascript without asking the user.
Moreover there is no menu option anymore to disable it.

This is a massive security problem; especially when having many tabs
open on start.

-- Package-specific info:

-- Extensions information
Name: Adblock Plus
Location: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
Package: xul-ext-adblock-plus
Status: enabled

Name: Add to Search Bar
Location: ${PROFILE_EXTENSIONS}/add-to-searchbox at maltekraus.de.xpi
Status: user-disabled

Name: All-in-One Sidebar
Location: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{097d3191-e6fa-4728-9826-b533d755359d}
Package: xul-ext-all-in-one-sidebar
Status: enabled

Name: Allow Password Remembering user-script
Status: enabled

Name: Autofill Forms
Location: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/autofillForms at blueimp.net
Package: xul-ext-autofill-forms
Status: enabled

Name: BetterPrivacy
Location: ${PROFILE_EXTENSIONS}/{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
Status: enabled

Name: Binnen-I be gone
Location: ${PROFILE_EXTENSIONS}/{b65d7d9a-4ec0-4974-b07f-83e30f6e973f}.xpi
Status: enabled

Name: CheckPlaces
Location: ${PROFILE_EXTENSIONS}/checkplaces at andyhalford.com.xpi
Status: enabled

Name: Cookie Monster
Location: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{45d8ff86-d909-11db-9705-005056c00008}
Package: xul-ext-cookie-monster
Status: enabled

Name: Customizable Shortcuts
Location: ${PROFILE_EXTENSIONS}/customizable-shortcuts at timtaubert.de.xpi
Status: enabled

Name: Deutsch (DE) Language Pack locale
Location: /usr/lib/iceweasel/browser/extensions/langpack-de at iceweasel.mozilla.org.xpi
Package: iceweasel-l10n-de
Status: enabled

Name: DOM Inspector
Location: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/inspector at mozilla.org
Package: xul-ext-dom-inspector
Status: enabled

Name: DownThemAll!
Location: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{DDC359D1-844A-42a7-9AA1-88A850A938A8}
Package: xul-ext-downthemall
Status: enabled

Name: Element Hiding Helper für Adblock Plus
Location: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/elemhidehelper at adblockplus.org
Package: xul-ext-adblock-plus-element-hiding-helper
Status: enabled

Name: Firebug
Location: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/firebug at software.joehewitt.com
Package: xul-ext-firebug
Status: enabled

Name: Flashblock
Location: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{3d7eb24f-2740-49df-8937-200b1cc08f8a}
Package: xul-ext-flashblock
Status: user-disabled

Name: Flickr: Show All Sizes user-script
Status: enabled

Name: GC little helper user-script
Status: enabled

Name: GC Tour user-script
Status: enabled

Name: Ghostery
Location: ${PROFILE_EXTENSIONS}/firefox at ghostery.com
Status: enabled

Name: Golem Tuning user-script
Status: enabled

Name: Greasemonkey
Location: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
Package: xul-ext-greasemonkey
Status: enabled

Name: heise telepolis Anpassung user-script
Status: user-disabled

Name: Heise TrollEx user-script
Status: enabled

Name: Heise Tuning user-script
Status: enabled

Name: HTTPS-Everywhere
Location: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/https-everywhere at eff.org
Package: xul-ext-https-everywhere
Status: enabled

Name: It's All Text!
Location: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/itsalltext at docwhat.gerf.org
Package: xul-ext-itsalltext
Status: enabled

Name: LavaFox V2-Green theme
Location: ${PROFILE_EXTENSIONS}/zigboom at ymail.com
Status: user-disabled

Name: Linky
Location: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/linky at gemal.dk
Package: xul-ext-linky
Status: enabled

Name: Live HTTP headers
Location: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
Package: xul-ext-livehttpheaders
Status: enabled

Name: New Torrent Notifier user-script
Status: enabled

Name: NoScript
Location: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{73a6fe31-595d-460b-a920-fcc0f8843232}
Package: xul-ext-noscript
Status: enabled

Name: PwdHash
Location: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{bb8d77b0-a845-4249-a205-ef7395587b69}
Package: xul-ext-pwdhash
Status: enabled

Name: RefControl
Location: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{455D905A-D37C-4643-A9E2-F6FEFAA0424A}
Package: xul-ext-refcontrol
Status: enabled

Name: ScrapBook
Location: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{53A03D43-5363-4669-8190-99061B2DEBA5}
Package: xul-ext-scrapbook
Status: enabled

Name: SmoothWheel (AMO)
Location: ${PROFILE_EXTENSIONS}/{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi
Status: user-disabled

Name: Standard theme
Location: /usr/lib/iceweasel/browser/extensions/{972ce4c6-7e08-4474-a285-3208198ce6fd}
Package: iceweasel
Status: enabled

Name: Tab Mix Plus
Location: ${PROFILE_EXTENSIONS}/{dc572301-7619-498c-a57d-39143191b318}.xpi
Status: enabled

Name: Uppity
Location: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{16cbd87c-eb99-4f5c-9825-83cf13ab7ff8}
Package: xul-ext-uppity
Status: enabled

Name: User Agent Switcher
Location: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
Package: xul-ext-useragentswitcher
Status: user-disabled

Name: Vimperator
Location: ${PROFILE_EXTENSIONS}/vimperator at mozdev.org.xpi
Status: user-disabled

Name: What.CD: Colorize Freeleech, Neutral Leech, and Reported Items user-script
Status: enabled

Name: What.cd - Identicons user-script
Status: enabled

Name: What.CD: Toggle Format Visibility user-script
Status: enabled

Name: What Genre? user-script
Status: enabled

-- Plugins information
Name: Shockwave Flash
Location: /usr/lib/flashplugin-nonfree/libflashplayer.so
Status: enabled


-- Addons package information
ii  iceweasel      23.0.1-1     amd64        Web browser based on Firefox
ii  iceweasel-l10n 1:23.0.1-1   all          German language package for Icewe
ii  xul-ext-adbloc 2.3.2-1      all          advertisement blocking extension 
ii  xul-ext-adbloc 1.2.3-1      all          companion for Adblock Plus to cre
ii  xul-ext-all-in 0.7.18-1     all          sidebar extension for Iceweasel/F
ii  xul-ext-autofi 0.9.8.3-5    all          Iceweasel/Firefox add-on that ena
ii  xul-ext-cookie 1.1.0-5      all          makes it very easy to manage cook
ii  xul-ext-dom-in 1:2.0.14-1   all          tool for inspecting the DOM of we
ii  xul-ext-downth 2.0.16-1     all          iceweasel extension with advanced
ii  xul-ext-firebu 1.9.2~b2-1   all          web development plugin for Icewea
ii  xul-ext-flashb 1.5.17-1     all          Mozilla extension to block Adobe 
ii  xul-ext-grease 0.9.20-1     all          extension that enables customizat
ii  xul-ext-https- 3.4.1-1      all          extension to force the use of HTT
ii  xul-ext-itsall 1.8.1-1      all          extension to edit textareas using
ii  xul-ext-linky  3.0.0-4      all          iceweasel extension to handle web
ii  xul-ext-liveht 0.17-3       all          Adds information about the HTTP h
ii  xul-ext-noscri 2.6.7.1-1    all          Javascript/plugins permissions ma
ii  xul-ext-pwdhas 1.7-13       all          per-site password generator for M
ii  xul-ext-refcon 0.8.16-2     all          control what gets sent as the HTT
ii  xul-ext-scrapb 1.5.6-1      all          Iceweasel/Firefox extension to sa
ii  xul-ext-uppity 1.5.8-3      all          toolbar button to "go up" on the 
ii  xul-ext-userag 0.7.3-1      all          Iceweasel/Firefox addon that allo

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (800, 'unstable'), (600, 'oldstable'), (110, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.9.4 (SMP w/8 CPU cores; PREEMPT)
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1) (ignored: LC_ALL set to de_DE)
Shell: /bin/sh linked to /bin/dash

Versions of packages iceweasel depends on:
ii  debianutils         4.4
ii  fontconfig          2.10.2-2
ii  libc6               2.17-92
ii  libgdk-pixbuf2.0-0  2.28.2-1
ii  libglib2.0-0        2.36.4-1
ii  libgtk2.0-0         2.24.20-1
ii  libnspr4            2:4.10-1
ii  libnspr4-0d         2:4.10-1
ii  libsqlite3-0        3.7.17-1
ii  libstdc++6          4.8.1-9
ii  procps              1:3.3.8-2
ii  xulrunner-23.0      23.0.1-1

iceweasel recommends no packages.

Versions of packages iceweasel suggests:
ii  fonts-stix [otf-stix]  1.1.0-1
ii  libgssapi-krb5-2       1.11.3+dfsg-3
pn  mozplugger             <none>

Versions of packages xulrunner-23.0 depends on:
ii  libasound2                1.0.25-4
ii  libatk1.0-0               2.8.0-2
ii  libbz2-1.0                1.0.6-5
ii  libc6                     2.17-92
ii  libcairo2                 1.12.14-5
ii  libdbus-1-3               1.6.12-1
ii  libdbus-glib-1-2          0.100.2-1
ii  libevent-2.0-5            2.0.21-stable-1
ii  libfontconfig1            2.10.2-2
ii  libfreetype6              2.4.9-1.1
ii  libgcc1                   1:4.8.1-9
ii  libgdk-pixbuf2.0-0        2.28.2-1
ii  libglib2.0-0              2.36.4-1
ii  libgtk2.0-0               2.24.20-1
ii  libhunspell-1.3-0         1.3.2-4
ii  libmozjs23d               23.0.1-1
ii  libnspr4                  2:4.10-1
ii  libnss3                   2:3.15.1-1
ii  libpango-1.0-0            1.32.5-5+b1
ii  libpangocairo-1.0-0       1.32.5-5+b1
ii  libpangoft2-1.0-0         1.32.5-5+b1
ii  libpixman-1-0             0.30.2-1
ii  libsqlite3-0              3.7.17-1
ii  libstartup-notification0  0.12-3
ii  libstdc++6                4.8.1-9
ii  libvpx1                   1.2.0-2
ii  libx11-6                  2:1.6.1-1
ii  libxext6                  2:1.3.2-1
ii  libxrender1               1:0.9.8-1
ii  libxt6                    1:1.1.4-1
ii  zlib1g                    1:1.2.8.dfsg-1

Versions of packages xulrunner-23.0 suggests:
ii  libcanberra0  0.30-2
ii  libgnomeui-0  2.24.5-2

-- no debconf information

-- 
Klaus Ethgen                              http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16   Klaus Ethgen <Klaus at Ethgen.de>
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C


