Nevermind, I made an ad-hoc page to reproduce. Spinning off a new bug to track the fix, thanks.

Could you please provide also the main URL of the page where you can see this happening?

Why do you use about:blank when data:text/plain;base64 is available?

Because data: wouldn't work (illegal URL): https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/tabs/create#url

And why "local" instead of "session"

Because it wouldn't work either: storage.session data can't survive browser.runtime.reload(), otherwise I would obviously be glad of skipping this whole encrypted "lifeboat" dance.

Lgtm, thanks.

Merge Info

Issues

Resolves

• #44657
• mullvad-browser#xxxxx
• tor-browser-build#xxxxx

Related

• #44394
• mullvad-browser#xxxxx
• tor-browser-build#xxxxx

Merging

Target Branches

• tor-browser - !fixups to tor-browser-specific commits, new features, security backports
• base-browser and mullvad-browser - !fixups to base-browser-specific commits, new features to be shared with mullvad-browser, and security backports
  • ⚠️ IMPORTANT: Please list the base-browser-specific commits which need to be cherry-picked to the base-browser and mullvad-browser branches here

Target Channels

• Alpha: rapid release, 16.0
• Stable: esr140-15.0
• Legacy: esr115-13.5

Backporting

Timeline

• No Backport (preferred): patchset for the next major stable
• Immediate: patchset needed as soon as possible (fixes CVEs, 0-days, etc)
• Next Minor Stable Release: patchset that needs to be verified in nightly before backport
• Eventually: patchset that needs to be verified in alpha before backport

(Optional) Justification

• Security update: patchset contains a security fix (be sure to select the correct item in Timeline)
• Censorship event: patchset enables censorship circumvention
• Critical bug-fix: patchset fixes a bug in core-functionality
• Consistency: patchset which would make development easier if it were in both the alpha and release branches; developer tools, build system changes, etc
• Sponsor required: patchset required for sponsor
• Localization: typos and other localization changes that should be also in the release branch
• Other: please explain

Upstream

• Patchset is a candidate for uplift to Firefox
• Patchset is a backport from Firefox
  • Bugzilla link: https://bugzilla.mozilla.org/show_bug.cgi?id=2016052
  • Upstream commit: 7a8cc12b + a2fa7105 to enable it

Issue Tracking

• Link resolved issues with appropriate Release Prep issue for changelog generation

Review

Request Reviewer

• Request review from an applications developer depending on modified system:
  • NOTE: if the MR modifies multiple areas, please /request_review all the relevant reviewers
  • accessibility : henry
  • android : clairehurst, dan
  • build system : boklm
  • ci/cd: brizental, henry
  • extensions : ma1
  • firefox internals (XUL/JS/XPCOM) : jwilde, ma1
  • fonts : pierov
  • frontend (implementation) : henry
  • frontend (review) : donuts, morgan
  • localization : henry, pierov
  • macOS : clairehurst, dan
  • nightly builds : boklm
  • rebases/release-prep : brizental, clairehurst, dan, ma1, pierov, morgan
  • security : jwilde, ma1
  • signing : boklm, morgan
  • updater : pierov
  • windows : jwilde, morgan
  • misc/other : pierov, morgan

Change Description

Cherry-picked upstream's 7a8cc12b + a2fa7105 to enable it.

How Tested

Not tested, inspected that the cherry-pick looks good.

Merge Info

Issues

Resolves

• #44772
• mullvad-browser#xxxxx
• tor-browser-build#xxxxx

Related

• tor-browser#xxxxx
• mullvad-browser#xxxxx
• tor-browser-build#xxxxx

Merging

Target Branches

• tor-browser - !fixups to tor-browser-specific commits, new features, security backports
• base-browser and mullvad-browser - !fixups to base-browser-specific commits, new features to be shared with mullvad-browser, and security backports
  • ⚠️ IMPORTANT: Please list the base-browser-specific commits which need to be cherry-picked to the base-browser and mullvad-browser branches here

Target Channels

• Alpha: rapid release, 16.0
• Stable: esr140-15.0
• Legacy: esr115-13.5

Backporting

Timeline

• No Backport (preferred): patchset for the next major stable
• Immediate: patchset needed as soon as possible (fixes CVEs, 0-days, etc)
• Next Minor Stable Release: patchset that needs to be verified in nightly before backport
• Eventually: patchset that needs to be verified in alpha before backport

(Optional) Justification

• Security update: patchset contains a security fix (be sure to select the correct item in Timeline)
• Censorship event: patchset enables censorship circumvention
• Critical bug-fix: patchset fixes a bug in core-functionality
• Consistency: patchset which would make development easier if it were in both the alpha and release branches; developer tools, build system changes, etc
• Sponsor required: patchset required for sponsor
• Localization: typos and other localization changes that should be also in the release branch
• Other: please explain

Upstream

• Patchset is a candidate for uplift to Firefox
• Patchset is a backport from Firefox
  • Bugzilla link:
  • Upstream commit:

Issue Tracking

• Link resolved issues with appropriate Release Prep issue for changelog generation

Review

Request Reviewer

• Request review from an applications developer depending on modified system:
  • NOTE: if the MR modifies multiple areas, please /request_review all the relevant reviewers
  • accessibility : henry
  • android : clairehurst, dan
  • build system : boklm
  • ci/cd: brizental, henry
  • extensions : ma1
  • firefox internals (XUL/JS/XPCOM) : jwilde, ma1
  • fonts : pierov
  • frontend (implementation) : henry
  • frontend (review) : donuts, morgan
  • localization : henry, pierov
  • macOS : clairehurst, dan
  • nightly builds : boklm
  • rebases/release-prep : brizental, clairehurst, dan, ma1, pierov, morgan
  • security : jwilde, ma1
  • signing : boklm, morgan
  • updater : pierov
  • windows : jwilde, morgan
  • misc/other : pierov, morgan

Change Description

Skip the efficient randomization.

Use the normal one instead.

How Tested

Canvases still seem spoofed?

lgtm, thank you!

Merge Info

Issues

Resolves

• #521
• tor-browser#xxxxx
• tor-browser-build#xxxxx

Related

• mullvad-browser#xxxxx
• tor-browser#xxxxx
• tor-browser-build#xxxxx

Merging

Target Branches

• mullvad-browser - !fixups to mullvad-browser-specific commits, new features, security backports
• base-browser and tor-browser - !fixups to base-browser-specific commits or new features to be shared with tor-browser
  • ⚠️ IMPORTANT: Please list the base-browser-specific commits which need to be cherry-picked to the base-browser and tor-browser branches here

Target Channels

• Alpha: rapid release, 16.0
• Stable: esr140-15.0

Backporting

Timeline

• No Backport (preferred): patchset for the next major stable
• Immediate: patchset needed as soon as possible (fixes CVEs, 0-days, etc)
• Next Minor Stable Release: patchset that needs to be verified in nightly before backport
• Eventually: patchset that needs to be verified in alpha before backport

(Optional) Justification

• Security update: patchset contains a security fix (be sure to select the correct item in Timeline)
• Critical bug-fix: patchset fixes a bug in core-functionality
• Consistency: patchset which would make development easier if it were in both the alpha and release branches; developer tools, build system changes, etc
• Sponsor required: patchset required for sponsor
• Localization: typos and other localization changes that should be also in the release branch
• Other: please explain

Upstream

• Patchset is a candidate for uplift to Firefox
• Patchset is a backport from Firefox
  • Bugzilla link:
  • Upstream commit:

Issue Tracking

• Link resolved issues with appropriate Release Prep issue for changelog generation

Review

Request Reviewer

• Request review from an applications developer depending on modified system:
  • NOTE: if the MR modifies multiple areas, please /request_review all the relevant reviewers
  • accessibility : henry
  • android : clairehurst, dan
  • build system : boklm
  • ci/cd: brizental, henry
  • extensions : ma1
  • firefox internals (XUL/JS/XPCOM) : jwilde, ma1
  • fonts : pierov
  • frontend (implementation) : henry
  • frontend (review) : donuts, morgan
  • localization : henry, pierov
  • macOS : clairehurst, dan
  • nightly builds : boklm
  • rebases/release-prep : brizental, clairehurst, dan, ma1, pierov, morgan
  • security : jwilde, ma1
  • signing : boklm, morgan
  • updater : pierov
  • windows : jwilde, morgan
  • misc/other : pierov, morgan

Change Description

Usual rebase

How Tested

Fixed in NoScript 13.6.7.906 by https://github.com/hackademix/noscript/commit/58b9f7db32fbee5282703ffb647007b9ef5623ab

Closing as NoScript 13.6.8.1984 is deployed and ready for inclusion in Tor Browser 15.0.8.

lgtm, thank you!

Merge Info

Issues

Resolves

• #44771
• mullvad-browser#xxxxx
• tor-browser-build#xxxxx

Related

• tor-browser#xxxxx
• mullvad-browser#xxxxx
• tor-browser-build#xxxxx

Merging

Target Branches

• tor-browser - !fixups to tor-browser-specific commits, new features, security backports
• base-browser and mullvad-browser - !fixups to base-browser-specific commits, new features to be shared with mullvad-browser, and security backports
  • ⚠️ IMPORTANT: Please list the base-browser-specific commits which need to be cherry-picked to the base-browser and mullvad-browser branches here

Target Channels

• Alpha: rapid release, 16.0
• Stable: esr140-15.0
• Legacy: esr115-13.5

Backporting

Timeline

• No Backport (preferred): patchset for the next major stable
• Immediate: patchset needed as soon as possible (fixes CVEs, 0-days, etc)
• Next Minor Stable Release: patchset that needs to be verified in nightly before backport
• Eventually: patchset that needs to be verified in alpha before backport

(Optional) Justification

• Security update: patchset contains a security fix (be sure to select the correct item in Timeline)
• Censorship event: patchset enables censorship circumvention
• Critical bug-fix: patchset fixes a bug in core-functionality
• Consistency: patchset which would make development easier if it were in both the alpha and release branches; developer tools, build system changes, etc
• Sponsor required: patchset required for sponsor
• Localization: typos and other localization changes that should be also in the release branch
• Other: please explain

Upstream

• Patchset is a candidate for uplift to Firefox
• Patchset is a backport from Firefox
  • Bugzilla link:
  • Upstream commit:

Issue Tracking

• Link resolved issues with appropriate Release Prep issue for changelog generation

Review

Request Reviewer

• Request review from an applications developer depending on modified system:
  • NOTE: if the MR modifies multiple areas, please /request_review all the relevant reviewers
  • accessibility : henry
  • android : clairehurst, dan
  • build system : boklm
  • ci/cd: brizental, henry
  • extensions : ma1
  • firefox internals (XUL/JS/XPCOM) : jwilde, ma1
  • fonts : pierov
  • frontend (implementation) : henry
  • frontend (review) : donuts, morgan
  • localization : henry, pierov
  • macOS : clairehurst, dan
  • nightly builds : boklm
  • rebases/release-prep : brizental, clairehurst, dan, ma1, pierov, morgan
  • security : jwilde, ma1
  • signing : boklm, morgan
  • updater : pierov
  • windows : jwilde, morgan
  • misc/other : pierov, morgan

Change Description

Usual rebase.

How Tested

Fixed in 13.6.7.708 (13.6.8 on stable) by https://github.com/hackademix/noscript/commit/a0ab15c75a3e1ba7fda1eeab8a1f96461f26b7c0

This seems to be expected, because (not sure why, probably for fingerprinting purposes) the site require WASM not to hide the content (which, ironically, is shown if you disable JavaScript outright).

The issue, if any, is the since all the errors due to WASM being disabled are caught by the web scripts, NoScript cannot give feedback about the WASM access attempt.

Keeping open to see if we can do better about this.

Confirmed, investigating.