[tbb-bugs] #18513 [Tor Browser]: New Identity bypass

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Mar 10 04:10:06 UTC 2016

#18513: New Identity bypass
     Reporter:  tahuttun     |      Owner:  tbb-team
         Type:  defect       |     Status:  new
     Priority:  Medium       |  Milestone:
    Component:  Tor Browser  |    Version:
     Severity:  Major        |   Keywords:
Actual Points:               |  Parent ID:
       Points:               |   Reviewer:
      Sponsor:               |
 The "new identity" bypass requires no JS and works with highest private
 and security level that Tor Browser has! The attack works because favicon
 cache is not truncated. An attacker may spread unique tokens as part of
 the favicon addressess.

 The new identity may be traced to the old one, since we know which token
 is given to which user and have ability to test if the user has the exact
 token (use token once, mark it as used and generate more if required).
 Furthermore, because the favicon connection is not closed when the "new
 identity" is ran we have also the knowledge that the tor browser is still
 open. Favicons are flushed when browser is closed.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18513>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list