#22809: Tor Browser does not provide red security warning for downloading executable in HTTP --------------------------------------+----------------- Reporter: naif | Owner: Type: defect | Status: new Priority: Medium | Milestone: Component: - Select a component | Version: Severity: Normal | Keywords: Actual Points: | Parent ID: Points: | Reviewer: Sponsor: | --------------------------------------+----------------- This ticket is to enhance Tor Browser that today does not provide red security warning for downloading executable in HTTP in clear text that can be easy subject to MITM attacks.
Actually there's a ticket sitting on Mozilla Firefox to implement exactly that https://bugzilla.mozilla.org/show_bug.cgi?id=1303739 . The very same should apply for mixed content where from an HTTPS website there's download of executable from an HTTP resource. Attached the standard warning provided by Firefox that does not explain to the end-user how risky is the download of an executable over HTTP in clear. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22809> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online _______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs