[tbb-bugs] #8725 [Applications/Tor Browser]: resource:// URIs leak information

Sat Jun 4 07:58:43 UTC 2016

#8725: resource:// URIs leak information
-------------------------------------------------+-------------------------
 Reporter:  holizz                               |          Owner:  tbb-
     Type:  defect                               |  team
 Priority:  Very High                            |         Status:  new
Component:  Applications/Tor Browser             |      Milestone:
 Severity:  Major                                |        Version:
 Keywords:  tbb-fingerprinting, tbb-rebase-      |     Resolution:
  regression, tbb-testcase, tbb-firefox-patch    |  Actual Points:
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by yawning):

 Replying to [comment:22 cypherpunks]:
 > Although the example add-on is GPL-3, I licensed the content policy code
 under MPL-2. Is MPL too restrictive? (Then we'll need to consider a BSD or
 the MIT/X11 license.) But the Mozilla codebase is under MPL anyway...
 > https://notabug.org/desktopd/no-resource-uri-leak/src/master/src
 /resource-filter

 FWIW, the current torbutton license is
 https://gitweb.torproject.org/torbutton.git/tree/src/LICENSE (Which seems
 sort of historical).  And I don't really care either way, but it's
 ultimately not my call, I just want this fixed.

 My plan was to integrate it into torbutton, instead of having it be a
 separate addon, though I'll drop the idea if the browser developers tell
 me that this should be solved another way.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8725#comment:23>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online