[tbb-bugs] #8725 [Applications/Tor Browser]: resource:// URIs leak information
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Jul 18 13:36:05 UTC 2016
#8725: resource:// URIs leak information
-------------------------------------------------+-------------------------
Reporter: holizz | Owner: tbb-
Type: defect | team
Priority: Very High | Status:
Component: Applications/Tor Browser | needs_review
Severity: Major | Milestone:
Keywords: tbb-fingerprinting, tbb-rebase- | Version:
regression, tbb-testcase, tbb-firefox-patch, | Resolution:
TorBrowserTeam201607R | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by cypherpunks):
Do nested schemes (`view-source:`, `jar:`, etc.) leak information about
existing restricted resources? Although I tend to think those schemes are
inaccessible from content, that does not necessarily guarantee no
information leak.
Ex.
Is `view-source:chrome://nonexistent/content/` denied the same way as
`view-source:chrome://torbutton/content/`?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8725#comment:38>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list