[tbb-bugs] #28174 [Applications/Tor Browser]: Block non-.onion subresources on .onion websites?

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Oct 26 21:23:58 UTC 2018


#28174: Block non-.onion subresources on .onion websites?
--------------------------------------+--------------------------
 Reporter:  arthuredelstein           |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by tom):

 Replying to [comment:2 gk]:
 > If I understand it right then what you want is to defend against the
 > *privacy* risks Arthur outlined by using the *security* slider. If that's
 > the case then I am not convinced by that idea yet as we don't want to mix
 > security and privacy related settings in the slider.


 Nooo, I keep the delineation in mind.  I said "when the security slider is
 at High, perform Full blocking" specifically for security reasons.

 An attacker wants to compromise a user who visits foo.onion. foo.onion
 includes an image from example.com.  (HTTP or HTTPS, doesn't matter.)
 Instead of compromising foo.onion, the attacker compromises either
 example.com or the connection from the exit node to example.com and serves
 an exploit on a passive piece of content (like an image).

 Performing full blocking removes this attack surface.

 Now you said

 > We block *features* based on code execution vulnerabilities in the past,
 > not based on transport

 I hadn't heard the bit about transport before. Perhaps you disagree with
 me based on that.  But I'm confused then: At Medium, why is JS disabled on
 HTTP sites? Isn't that blocking a feature based on transport?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28174#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
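The "full blocking" rule discussed in this comment (a .onion document may not load subresources that leave the onion network, regardless of whether the fetch would be HTTP or HTTPS), written out as an added illustrative policy check. This is not Tor Browser's implementation; the function names and the level labels ("Low", "Medium", "High") are assumptions made for the example.

```javascript
// Illustrative policy check for third-party subresources on .onion pages.
// Added example, not Tor Browser code. Level labels are assumptions.
const LEVEL_HIGH = "High";

// True for any host inside the onion network ("foo.onion", "a.foo.onion"),
// tolerating a trailing dot and mixed case.
function isOnionHost(hostname) {
  const h = hostname.toLowerCase().replace(/\.$/, "");
  return h !== "onion" && h.endsWith(".onion");
}

// Decide whether a subresource load should be blocked.
// Returns { block: boolean, reason: string }.
function shouldBlockSubresource(topLevelUrl, subresourceUrl, securityLevel) {
  const top = new URL(topLevelUrl);
  const sub = new URL(subresourceUrl);

  if (!isOnionHost(top.hostname)) {
    return { block: false, reason: "top-level document is not an onion service" };
  }
  if (securityLevel !== LEVEL_HIGH) {
    return { block: false, reason: "full blocking only applies at High" };
  }
  // data:, blob: and similar never touch the network, so they cannot be
  // tampered with between an exit node and a clearnet host.
  if (sub.protocol !== "http:" && sub.protocol !== "https:") {
    return { block: false, reason: "non-network scheme" };
  }
  if (isOnionHost(sub.hostname)) {
    return { block: false, reason: "subresource stays inside the onion network" };
  }
  // Transport is irrelevant here: both http: and https: leave the onion
  // network through an exit node, which is the surface being removed.
  return { block: true, reason: `clearnet subresource ${sub.host} on an onion page` };
}
```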