[tor-bugs] #5477 [EFF-HTTPS Everywhere]: Surprising DOM origins before HTTPS-E/NoScript redirects have completed

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Tue May 8 07:18:53 UTC 2012


#5477: Surprising DOM origins before HTTPS-E/NoScript redirects have completed
-------------------------------------+--------------------------------------
    Reporter:  Drugoy                |       Owner:  ma1            
        Type:  defect                |      Status:  reopened       
    Priority:  blocker               |   Milestone:                 
   Component:  EFF-HTTPS Everywhere  |     Version:                 
  Resolution:                        |    Keywords:  MikePerry201204
      Parent:                        |      Points:  7              
Actualpoints:  7                     |  
-------------------------------------+--------------------------------------
Changes (by Drugoy):

  * status:  closed => reopened
  * priority:  major => blocker
  * resolution:  fixed =>


Comment:

 This is a critical security vulnerability. 1.5 months have passed since I
 reported it. It is still not fixed (neither in 2.0.3 nor in 3.0.2.), and
 there are thousands of users that may get hacked.
 I think you don't give a ~~f~~care about users of your products and such
 critical vulnerabilities if you don't even test whether the bug is fixed
 or not.
 Well, you obviously are not that good as you pretend to be.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5477#comment:31>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list