[tbb-bugs] #29957 [Applications/Tor Browser]: clicking on "click to play" media leaks URLs via NoScript on-disk preferences

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Apr 6 02:40:48 UTC 2019


#29957: clicking on "click to play" media leaks URLs via NoScript on-disk
preferences
---------------------------------------+-----------------------------------
 Reporter:  catalyst                   |          Owner:  tbb-team
     Type:  defect                     |         Status:  needs_information
 Priority:  High                       |      Milestone:
Component:  Applications/Tor Browser   |        Version:
 Severity:  Normal                     |     Resolution:
 Keywords:  tbb-disk-leak, tbb-newnym  |  Actual Points:
Parent ID:                             |         Points:
 Reviewer:                             |        Sponsor:
---------------------------------------+-----------------------------------

Comment (by cypherpunks):

 In the file called storage-sync.sqlite (in profile.default) I have this
 text copied from Notepad (example and not everything in the .sqlite file,
 just the relevant part):

 {{{
 ["fetch","font","frame","object","other","script","webgl","media"],"temp":false},"https://upload.wikimedia.org/wikipedia/commons/transcoded/0/0a/Comparing_CMEs.ogv/Comparing_CMEs.ogv.480p.vp9.webm":{"capabilities":["fetch","font","frame","object","other","script","webgl","media"],"temp":false}}},"enforced":true,"autoAllowTop":false},"_status":"created"}‚';i
 ƒedefault/{73a6fe31-595d-460b-a920-fcc0f8843232}key-sync{"id":"key-
 sync","key":"sync","data":{"global":false,"xss":true,"cascadeRestrictions":true,"xssScanRequestBody":false,"xssBlockUnscannedPOST":true,"overrideTorBrowserPolicy":false,"clearclick":true,"storage":"sync"},"_status":"created"}
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29957#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list