Package: iceweasel Version: 17.0.8esr-1~deb7u1 Severity: normal Dear Maintainer,
On startup, iceweasel by default loads a home page that fetches remote javascript from Mozilla's servers, which can't be guaranteed to not contain proprietary software. The code is in <chrome://browser/content/abouthome/aboutHome.js>. Simplified, it looks like this: let updateURL = localStorage["snippets-update-url"]; //the URL is: https://snippets.mozilla.com/3/Iceweasel/17.0.8/20130806234539/Linux_x86_64-gcc3/en-US/default/Linux%203.2.0-4-amd64%20(GTK%202.24.10)/default/default/ let xhr = new XMLHttpRequest(); xhr.open("GET", updateURL, true); //later, when complete: localStorage["snippets"] = xhr.responseText; let snippetsElt = document.getElementById("snippets"); let snippets = localStorage["snippets"]; snippetsElt.innerHTML = snippets; 2 possible solutions: Remove the "snippets" code from /content/browser/abouthome/aboutHome.js from /usr/share/iceweasel/chrome/browser.jar Or, preferably, disable javascript by default. In /etc/iceweasel/profile/prefs.js add a new line: user_pref("javascript.enabled", false); Workaround (untested): The first time you run Iceweasel, use this commandline: iceweasel about:blank Then, either disable javascript in the preferences, or set your homepage to about:blank Contrary to the bug filing instructions, I have not filed this bug with Mozilla upstream. I don't think they really take software freedom seriously enough (especially in the context of javascript on the web) that they would consider fixing this. When producing the bug, I ran with a brand-new profile, in safe mode. -- Package-specific info: -- Extensions information Name: Adblock Plus Location: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} Package: xul-ext-adblock-plus Status: enabled Name: Default theme Location: /usr/lib/iceweasel/extensions/{972ce4c6-7e08-4474-a285-3208198ce6fd} Package: iceweasel Status: enabled Name: NoScript Location: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{73a6fe31-595d-460b-a920-fcc0f8843232} Package: xul-ext-noscript Status: enabled Name: RefControl Location: ${PROFILE_EXTENSIONS}/{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi Status: enabled Name: Status-4-Evar Location: /usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/status4e...@caligonstudios.com Package: xul-ext-status4evar Status: enabled -- Plugins information Name: Gnome Shell Integration Location: /usr/lib/mozilla/plugins/libgnome-shell-browser-plugin.so Package: gnome-shell Status: enabled -- Addons package information ii gnome-shell 3.4.2-7 amd64 graphical shell for the GNOME des ii iceweasel 17.0.8esr-1~ amd64 Web browser based on Firefox ii xul-ext-adbloc 2.1-1+deb7u1 all Advertisement blocking extension ii xul-ext-noscri 2.1.4-1 all Javascript/plugins permissions ma ii xul-ext-status 0.2012.04.21 all Status bar widgets and progress i -- System Information: Debian Release: 7.1 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable'), (500, 'oldstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages iceweasel depends on: ii debianutils 4.3.2 ii fontconfig 2.9.0-7.1 ii libc6 2.13-38 ii libgdk-pixbuf2.0-0 2.26.1-1 ii libglib2.0-0 2.33.12+really2.32.4-5 ii libgtk2.0-0 2.24.10-2 ii libnspr4 2:4.9.2-1 ii libnspr4-0d 2:4.9.2-1 ii libsqlite3-0 3.7.13-1+deb7u1 ii libstdc++6 4.7.2-5 ii procps 1:3.3.3-3 ii xulrunner-17.0 17.0.8esr-1~deb7u1 iceweasel recommends no packages. Versions of packages iceweasel suggests: pn fonts-stix | otf-stix <none> ii libgssapi-krb5-2 1.10.1+dfsg-5+deb7u1 pn mozplugger <none> Versions of packages xulrunner-17.0 depends on: ii libasound2 1.0.25-4 ii libatk1.0-0 2.4.0-2 ii libbz2-1.0 1.0.6-4 ii libc6 2.13-38 ii libcairo2 1.12.2-3 ii libdbus-1-3 1.6.8-1+deb7u1 ii libdbus-glib-1-2 0.100.2-1 ii libevent-2.0-5 2.0.19-stable-3 ii libfontconfig1 2.9.0-7.1 ii libfreetype6 2.4.9-1.1 ii libgcc1 1:4.7.2-5 ii libgdk-pixbuf2.0-0 2.26.1-1 ii libglib2.0-0 2.33.12+really2.32.4-5 ii libgtk2.0-0 2.24.10-2 ii libhunspell-1.3-0 1.3.2-4 ii libjpeg8 8d-1 ii libmozjs17d 17.0.8esr-1~deb7u1 ii libnspr4 2:4.9.2-1 ii libnss3 2:3.14.3-1 ii libnss3-1d 2:3.14.3-1 ii libpango1.0-0 1.30.0-1 ii libpixman-1-0 0.26.0-4 ii libsqlite3-0 3.7.13-1+deb7u1 ii libstartup-notification0 0.12-1 ii libstdc++6 4.7.2-5 ii libvpx1 1.1.0-1 ii libx11-6 2:1.5.0-1+deb7u1 ii libxext6 2:1.3.1-2+deb7u1 ii libxrender1 1:0.9.7-1+deb7u1 ii libxt6 1:1.1.3-1+deb7u1 ii zlib1g 1:1.2.7.dfsg-13 Versions of packages xulrunner-17.0 suggests: ii libcanberra0 0.28-6 ii libgnomeui-0 2.24.5-2 -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
