[tor-bugs] #8725 [Tor bundles/installation]: resource:// URIs leak information
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Apr 19 05:18:12 UTC 2013
#8725: resource:// URIs leak information
--------------------------------------+-------------------------------------
Reporter: holizz | Owner: erinn
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor bundles/installation | Version:
Keywords: | Parent:
Points: | Actualpoints:
--------------------------------------+-------------------------------------
Comment(by keb):
Source definition of the problematic uri
https://developer.mozilla.org/en-US/docs/Chrome_Registration#resource
Pretending to be not-firefox contradicts that torbrowser pretends to be
mozilla.
Does firefox really need this "resource://" feature? It comes with a
serious security warning. "Note that there are no security restrictions
preventing web content from including content at resource: URIs, so take
care what you make visible there." I.e. maybe better to lobby to remove
it entirely from upstream.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8725#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list