[tor-bugs] #7561 [Firefox Patch Issues]: FTP requests are cached and not isolated to the URL bar origin

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Nov 24 12:19:39 UTC 2012


#7561: FTP requests are cached and not isolated to the URL bar origin
----------------------------------+-----------------------------------------
 Reporter:  gk                    |          Owner:  mikeperry
     Type:  defect                |         Status:  new      
 Priority:  normal                |      Milestone:           
Component:  Firefox Patch Issues  |        Version:           
 Keywords:  tbb-linkability       |         Parent:           
   Points:                        |   Actualpoints:           
----------------------------------+-----------------------------------------
 Contents of FTP requests can get cached but are currently not isolated to
 the URL bar origin, which contradicts the goal of section 3.5.2 of the Tor
 Browser design documentation. The relevant code is here:
 https://mxr.mozilla.org/mozilla-central/source/netwerk/protocol/ftp/nsFtpConnectionThread.cpp

 There are two things to note:

 1) This caching is working a bit differently than the familiar HTTP
 caching. E.g., there are no E-Tags and no headers involved, which makes
 scalable exploitation much harder (that's the only reason why I think the
 prio is normal), IMO.

 2) Furthermore, only directory listings can get cached, not "normal" files
 like CSS or JS files loaded via FTP.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7561>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
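
An added illustration, not part of the ticket and not Firefox or Tor Browser code: a toy model of the cache keying the ticket describes, showing a cached FTP directory listing being shared between two first parties unless the key includes the URL bar origin. The class name, key layout and example hostnames are assumptions made for this sketch.

```cpp
#include <map>
#include <string>
#include <utility>

// Toy model only: names and key layout are assumptions, not Firefox code.
class FtpListingCache {
public:
    explicit FtpListingCache(bool isolate) : isolate_(isolate) {}

    // Per the ticket, only directory listings are cached, not plain files.
    static bool IsDirectoryListing(const std::string& url) {
        return url.rfind("ftp://", 0) == 0 && url.back() == '/';
    }

    // Returns true if the response was served from the cache.
    bool Load(const std::string& urlBarOrigin, const std::string& ftpUrl) {
        if (!IsDirectoryListing(ftpUrl)) return false;  // never cached
        const Key key = MakeKey(urlBarOrigin, ftpUrl);
        if (entries_.count(key)) return true;           // cache hit
        entries_[key] = "<listing fetched over the network>";
        return false;                                   // miss, now stored
    }

private:
    using Key = std::pair<std::string, std::string>;

    Key MakeKey(const std::string& origin, const std::string& url) const {
        // Unisolated: one shared entry per URL, visible to every first party.
        // Isolated: the entry is scoped to the origin shown in the URL bar.
        return isolate_ ? Key(origin, url) : Key("", url);
    }

    bool isolate_;
    std::map<Key, std::string> entries_;
};

// True when a load under site B is served from an entry created under site A,
// i.e. the cache state links the two browsing contexts.
bool SharedAcrossSites(bool isolate, const std::string& ftpUrl) {
    FtpListingCache cache(isolate);
    cache.Load("https://site-a.example", ftpUrl);   // constructed origins
    return cache.Load("https://site-b.example", ftpUrl);
}
```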

