noscript bypass / new identity bug
Originally created by @Anonymous on #15140 (Redmine)
If you temporarily allow a Website to use JavaScript and use the New Identity button and go back to the exact same website afterwards no script will forget that it granted temporary access to it pre-new identity yet allow scripts to be executed nonetheless
this is only reversed after closing Tor Browser for real and might be used maliciously.
easiest fix: set javascript.enabled to false on high security mode
Attachments
Edited by Anonymous