commit 78b899e9e7b28cbe9cc5cc1976223b070acf4c22 Author: Mike Perry <mikeperry-git@torproject.org> Date: Mon Feb 3 10:31:08 2014 -0800 fixup! Tor Browser's Firefox preference overrides. Bug #10419: Websites should not be allowed to probe local ports, for fingerprinting and local service vulnerability risks. --- browser/app/profile/000-tor-browser.js | 1 + 1 file changed, 1 insertion(+) diff --git a/browser/app/profile/000-tor-browser.js b/browser/app/profile/000-tor-browser.js index 16928b3..93725ee 100644 --- a/browser/app/profile/000-tor-browser.js +++ b/browser/app/profile/000-tor-browser.js @@ -85,6 +85,7 @@ pref("network.http.spdy.enabled.v3", false); // Seems redundant, but just in cas pref("network.proxy.socks", "127.0.0.1"); pref("network.proxy.socks_port", 9150); pref("network.proxy.socks_remote_dns", true); +pref("network.proxy.no_proxies_on", ""); // For fingerprinting and local service vulns (#10419) pref("network.proxy.type", 1); pref("network.security.ports.banned", "9050,9051,9150,9151"); pref("network.dns.disablePrefetch", true);