[tbb-bugs] #18517 [Tor Browser]: meek is broken in Tor Browser 6.0a3

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Mar 19 23:46:22 UTC 2016

#18517: meek is broken in Tor Browser 6.0a3
 Reporter:  gk           |          Owner:  tbb-team
     Type:  defect       |         Status:  new
 Priority:  Very High    |      Milestone:
Component:  Tor Browser  |        Version:
 Severity:  Normal       |     Resolution:
 Keywords:  regression   |  Actual Points:
Parent ID:               |         Points:
 Reviewer:               |        Sponsor:  None
Changes (by teor):

 * component:  Tor => Tor Browser
 * priority:  Medium => Very High
 * keywords:  must-fix-before-028-rc, regression => regression
 * version:  Tor: =>
 * milestone:  Tor: 0.2.8.x-final =>
 * owner:   => tbb-team


 I think this is a Tor Browser issue and we should adopt dcf's workaround
 of changing the dummy IP addresses to publicly routable IP addresses.

 Tor is correctly checking for internal addresses and refusing to build
 circuits to them. This is a bugfix on #17674 and #8976. Tor can't make an
 exception for Tor Browser's sentinel addresses, without also allowing
 relays and hidden services to mistakenly connect to those addresses. This
 would open up the same attack vector we're trying to fix here.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18517#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
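The comment above turns on whether a bridge's address counts as internal. The following is an added example, not Tor's or Tor Browser's code, that audits bridge lines for internal addresses. The range list, the function names and the sample bridge lines are assumptions constructed for illustration.

```python
import ipaddress

# Assumed "internal" ranges for this example (not copied from Tor's source).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16",
    "::/128", "::1/128", "fc00::/7", "fe80::/10",
)]

def is_internal(addr):
    """True if addr (a string) falls in one of the assumed internal ranges."""
    ip = ipaddress.ip_address(addr)
    # Judge IPv4-mapped IPv6 (::ffff:a.b.c.d) by the embedded IPv4 address.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip.version == n.version and ip in n for n in INTERNAL_NETS)

def split_hostport(field):
    """Split 'a.b.c.d:port' or '[v6]:port'; raise ValueError otherwise."""
    host, sep, port = field.rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError(f"no host:port in {field!r}")
    return host.strip("[]"), int(port)

def parse_bridge(line):
    """Return (transport or None, host, port) for one bridge line."""
    fields = line.split()
    if fields and fields[0].lower() == "bridge":
        fields = fields[1:]
    for i, transport in ((0, None), (1, fields[0] if fields else None)):
        try:
            host, port = split_hostport(fields[i])
            ipaddress.ip_address(host)          # reject non-IP hosts
            return transport, host, port
        except (ValueError, IndexError):
            continue
    raise ValueError(f"no usable address in {line!r}")

def audit(lines):
    """List (transport, host, internal?) for each bridge line."""
    return [(t, h, is_internal(h)) for t, h, _ in map(parse_bridge, lines)]

# Constructed sample lines. 192.0.2.1 is a documentation address standing in
# for a publicly routable one; it is simply outside the internal list above.
SAMPLE = [
    "Bridge meek 10.0.0.1:2 url=https://meek.example/ front=cdn.example",
    "Bridge meek 192.0.2.1:2 url=https://meek.example/ front=cdn.example",
    "Bridge [fd00::1]:443",
]

if __name__ == "__main__":
    for transport, host, internal in audit(SAMPLE):
        print(transport, host, "INTERNAL" if internal else "ok")
```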
