[tor-bugs] #5477 [EFF-HTTPS Everywhere]: Critical security vulnerability is caused by HTTPS-Everywhere enabled
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Sun Mar 25 21:26:12 UTC 2012
#5477: Critical security vulnerability is caused by HTTPS-Everywhere enabled
------------------------------------------------------+---------------------
Reporter: Drugoy | Owner: pde
Type: defect | Status: new
Priority: critical | Milestone:
Component: EFF-HTTPS Everywhere | Version:
Keywords: address spoofing, critical vulnerability | Parent:
Points: | Actualpoints:
------------------------------------------------------+---------------------
http://majorsecurity.net/html5/ios51-demo.html
!^ Here is the demo of address spoofing.
With HTTPS-Everywhere enabled in latest Nightly - clicking the button
opens a new tab with "apple.com" address. But this is a spoofed address,
press CTRL+U to watch the source code of that page.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5477>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list