NoScript Temporarily Disabled in Tor Browser
Due to a mistake in Mozilla's signing infrastructure, NoScript and all other Firefox extensions signed by Mozilla have been disabled in Tor Browser. Because they use NoScript, higher security levels are currently broken for Tor Browser users.
Mozilla is working on a fix, and we'll start building a new Tor Browser version as soon as their fix is available.
Meanwhile, anyone who is dependent on the security provided by the higher security levels can apply the following workaround:
- Open the address
about:configin the Tor Browser address bar
- At the top of the page, search for
- Set the
falseby double clicking it
Note: This workaround should only be used temporarily, as it disables a security feature. Please remember to set the
xpinstall.signatures.requiredentry back to
true again once the Tor Browser security update is applied.
Sorry for the inconvenience.
Setting the pref to false disable checking of add-ons signatures:
So you should avoid installing new add-ons while this pref is set to false (installing add-ons in Tor Browser is generally not recommended anyway).
> installing add-ons in Tor Browser is generally not recommended
Well... having less-trusted addons like NoScript preloaded in browser bundle sorta nullifies this recommendation. While some other addon can improve privacy even in private browsing environment and junk traffic thru tor circuits (which are slow already).
each noscript revision is audited before it is included in the bundle.
Sure thing. Problem is that NoScript receives updates thru addons.mozilla.org as well - as preconfigured in browser bundle effectively leaving an open sesame for any attack NoScript's author wishes to perform again, see https://adblockplus.org/blog/attention-noscript-users
That's why I don't use NoScript at all (it is rather pointless in 2019 anyway).
No it's not pointless in 2019. I can still use something like 60-70% of websites with no js, and my lameass computer doesn't lag as much.