[tbb-bugs] #8725 [Applications/Tor Browser]: resource:// URIs leak information

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Jun 4 09:59:38 UTC 2016


#8725: resource:// URIs leak information
-------------------------------------------------+-------------------------
 Reporter:  holizz                               |          Owner:  tbb-
     Type:  defect                               |  team
 Priority:  Very High                            |         Status:
Component:  Applications/Tor Browser             |  needs_review
 Severity:  Major                                |      Milestone:
 Keywords:  tbb-fingerprinting, tbb-rebase-      |        Version:
  regression, tbb-testcase, tbb-firefox-patch,   |     Resolution:
  TorBrowserTeam201606R                          |  Actual Points:
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by yawning):

 * status:  new => needs_review
 * keywords:
     tbb-fingerprinting, tbb-rebase-regression, tbb-testcase, tbb-firefox-
     patch
     =>
     tbb-fingerprinting, tbb-rebase-regression, tbb-testcase, tbb-firefox-
     patch, TorBrowserTeam201606R


Comment:

 I pushed a change to also restrict `chrome://` URIs, regardless of
 `contentaccessible`, per discussion with gk.  It sort of sucks that
 certain addons will break, but they aren't the standard Tor Browser set.

 I leave it up to the Tor Browser people if they want to take that commit
 or not.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8725#comment:25>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list