[tbb-bugs] #16347 [Tor Browser]: TOR Browser Favicon.ico IP leak
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jun 11 16:34:27 UTC 2015
#16347: TOR Browser Favicon.ico IP leak
-----------------------------+---------------------------------
Reporter: torleak | Owner: tbb-team
Type: defect | Status: new
Priority: critical | Milestone:
Component: Tor Browser | Version: Tor: unspecified
Resolution: | Keywords: Favicon.ico IP leak
Actual Points: | Parent ID:
Points: |
-----------------------------+---------------------------------
Comment (by torleak):
SnagiIt32.exe was decompiled, and there is indeed a favicon.ico call under
unclear conditions. This may also explain older Windows NT 6.2 version in
User-Agent, if this Snagit version itself was relatively old and not
compiled for Windows 6.3.
Now, does it mean that an external application can request a target IP
address from TOR Browser (Firefox), and TOR Browser will divulge IP
address to it? Is it normal? This doesnt look good.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16347#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list