[tbb-bugs] #25672 [Applications/Tor Browser]: Debugger in developer tools is fetching website over catch-all circuit

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Mar 29 07:19:24 UTC 2018


#25672: Debugger in developer tools is fetching website over catch-all circuit
------------------------------------------+-----------------------------
     Reporter:  gk                        |      Owner:  tbb-team
         Type:  defect                    |     Status:  new
     Priority:  Medium                    |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Normal                    |   Keywords:  tbb-linkability
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
------------------------------------------+-----------------------------
 Go to https://sorry.google.com/sorry/misc and you'll see the exit IP
 address of the circuit bound to the google.com domain.
 Now, open the developer tools (Ctrl + Shift + K) and select the debugger
 pane and you see that

 1) The page is fetched again (which is a Firefox bug)
 2) The catch-all-circuit is used as the debugger does not seem to
 understand the concept of first party isolation.

 See: #15555 for a similar problem.

 Found by Rbcafe and reported to HackerOne.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25672>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
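
An added example, not part of the original ticket or Tor Browser's code: a check over a constructed request log that flags hosts fetched both under a first-party isolation key and over the catch-all circuit, which is the pattern the debugger refetch produces here. The record layout, the `devtools-debugger` origin name and the `<catch-all>` label are assumptions made for illustration.

```python
from collections import defaultdict

# Placeholder label for requests that carry no first-party domain
# (assumption, not a value taken from Tor Browser's source).
CATCH_ALL = "<catch-all>"

# Constructed sample: (request origin, URL host, first-party domain attached).
SAMPLE_REQUESTS = [
    ("tab", "sorry.google.com", "google.com"),
    ("tab", "www.gstatic.com", "google.com"),
    ("devtools-debugger", "sorry.google.com", None),  # refetch, no first party
    ("tab", "example.org", "example.org"),
]


def isolation_key(first_party):
    """Circuit isolation key: the first-party domain, or catch-all if absent."""
    return first_party if first_party else CATCH_ALL


def find_isolation_leaks(requests):
    """Return {host: [origins]} for hosts fetched under a first-party key
    and also over the catch-all key; origins are the catch-all requesters."""
    keys_by_host = defaultdict(set)
    catch_all_origins = defaultdict(set)
    for origin, host, first_party in requests:
        key = isolation_key(first_party)
        keys_by_host[host].add(key)
        if key == CATCH_ALL:
            catch_all_origins[host].add(origin)
    leaks = {}
    for host, keys in keys_by_host.items():
        # A host seen on both an isolated and the shared circuit is linkable.
        if CATCH_ALL in keys and len(keys) > 1:
            leaks[host] = sorted(catch_all_origins[host])
    return leaks


if __name__ == "__main__":
    for host, origins in find_isolation_leaks(SAMPLE_REQUESTS).items():
        print(f"{host}: also fetched over catch-all by {', '.join(origins)}")
```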

