[tor-bugs] #5742 [Firefox Patch Issues]: Verify image cache url isolation

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Wed May 2 21:11:21 UTC 2012


#5742: Verify image cache url isolation
----------------------------------+-----------------------------------------
 Reporter:  mikeperry             |          Owner:  mikeperry
     Type:  task                  |         Status:  new      
 Priority:  major                 |      Milestone:           
Component:  Firefox Patch Issues  |        Version:           
 Keywords:                        |         Parent:           
   Points:                        |   Actualpoints:           
----------------------------------+-----------------------------------------

Comment(by gk):

 Your suspicion seems to be correct :(.

 My test setup and results:

 I used a simple HTML file containing the Google image mentioned in #5715
 and the latest TBB (otherwise I would have had to patch the JonDoFox-JS as
 well, as we currently avoid the cache for all 3rd party requests) on Linux. The file
 was hosted on svn.jondos.de and on anonymous-proxy-servers.net. After
 clearing the cache I loaded the file on svn.jondos.de in the first tab and
 afterwards the file on anonymous-proxy-servers.net in the second tab.
 about:cache showed me only the image cache entry with the svn.jondos.de
 domain. I repeated the same experiment and looked at the request/response
 headers as well. about:cache gave me the same results. Additionally, the
 captured headers showed no request for the image in tab 2. Therefore, I
 would conclude that the cached image is indeed used despite being loaded
 by a different domain.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5742#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
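
The two-tab test described in the comment above, as a small model (an added example, not part of the original ticket and not Firefox or Tor Browser code). The cache class, key functions and image URL are hypothetical; the model contrasts a cache keyed by image URL alone, which reproduces the reported result, with one keyed by first-party domain plus URL.

```javascript
// Model of the two-tab image cache test. All names here are hypothetical and
// the image URL is a constructed placeholder, not the image from #5715.
const IMAGE_URL = "https://thirdparty.example/logo.png";

class ImageCache {
  // keyFn decides which loads are allowed to share one cache entry.
  constructor(keyFn) {
    this.keyFn = keyFn;
    this.entries = new Map();
  }
  // Returns true on a cache hit; on a miss, stores the entry and returns false.
  lookupOrStore(firstParty, url) {
    const key = this.keyFn(firstParty, url);
    if (this.entries.has(key)) return true;
    this.entries.set(key, { url, storedBy: firstParty });
    return false;
  }
}

// Behaviour observed in the test: the entry is keyed by the image URL only.
const urlOnlyKey = (_firstParty, url) => url;
// Isolated behaviour: the entry is keyed by (first-party domain, image URL).
const isolatedKey = (firstParty, url) => JSON.stringify([firstParty, url]);

// Loads a page hosted on firstParty that embeds IMAGE_URL and returns the
// network requests that would show up in a header capture for that tab.
function loadPage(cache, firstParty) {
  return cache.lookupOrStore(firstParty, IMAGE_URL) ? [] : [IMAGE_URL];
}

function runTwoTabTest(keyFn) {
  const cache = new ImageCache(keyFn); // fresh cache, as after clearing it
  const tab1Requests = loadPage(cache, "svn.jondos.de");
  const tab2Requests = loadPage(cache, "anonymous-proxy-servers.net");
  return {
    tab1Requests,
    tab2Requests,
    cacheEntries: cache.entries.size, // what about:cache would list
    // Isolation holds only if tab 2 had to fetch the image itself.
    isolated: tab2Requests.includes(IMAGE_URL),
  };
}

console.log("URL-only key:   ", runTwoTabTest(urlOnlyKey));
console.log("first-party key:", runTwoTabTest(isolatedKey));
```

With the URL-only key the model shows one cache entry and no image request in tab 2, matching the about:cache and header observations; with the first-party key each domain gets its own entry and its own request.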

