[tor-bugs] #6314 [TorBirdy]: prevent leak via Date header field (local timestamp disclosure)
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Dec 6 21:15:44 UTC 2013
#6314: prevent leak via Date header field (local timestamp disclosure)
--------------------------+----------------------
Reporter: tagnaq | Owner: ioerror
Type: defect | Status: new
Priority: major | Milestone:
Component: TorBirdy | Version:
Resolution: | Keywords: SponsorT
Actual Points: | Parent ID: #9131
Points: |
--------------------------+----------------------
Comment (by heywoodj123@…):
I have torbirdy 0.1.2 running on TB 24.1.1 (built from
http://hg.mozilla.org/releases/mozilla-esr24/rev/73cf17fcf5d5) on OS X
10.6.8.
I appreciate the need to avoid leaking location info by masking the local
timezone, but it appears this build of torbirdy is going too far.
Specifically, I'm seeing that mailnews.reply_header_authorwrote is getting
changed from "%s wrote" to "%s", and mailnews.reply_header_ondate is
getting changed from "On %s" to null.
What I would expect instead is that the formatting for _ondate is simply
changed to use UTC rather than local time (perhaps using some other
preference(s) in addition, or instead) . I see no reason to change
_authorwrote at all.
I'm not 100% sure this is due to torbirdy, but from this ticket (and also
#6315) it seems the most likely culprit. I am not much of a coder, but
would be happy to test a patched version and report back.
Thanks for the excellent extension -- I'm finally able to use TB via Tor,
which I've been wanting to do for a very long time.
Cheers,
-H
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6314#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list