[tor-bugs] #5477 [EFF-HTTPS Everywhere]: Surprising DOM origins before HTTPS-E/NoScript redirects have completed
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Wed May 9 21:24:01 UTC 2012
#5477: Surprising DOM origins before HTTPS-E/NoScript redirects have completed
-------------------------------------+--------------------------------------
Reporter: Drugoy | Owner: ma1
Type: defect | Status: reopened
Priority: blocker | Milestone:
Component: EFF-HTTPS Everywhere | Version:
Resolution: | Keywords: MikePerry201204
Parent: | Points: 7
Actualpoints: 7 |
-------------------------------------+--------------------------------------
Comment(by mikeperry):
We've discovered that for some reason both codepaths of URL rewriting
(HTTPS.forceURI and HTTPS.replaceChannel) are applying to this PoC
exploit. That could explain the intermediate step 2, due to a race
condition between them. Next step is disabling each one and seeing what
the behavior is.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5477#comment:35>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list