[tor-bugs] #10419 [Firefox Patch Issues]: Can requests to 127.0.0.1 be used to fingerprint the browser?
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Dec 17 01:38:30 UTC 2013
#10419: Can requests to 127.0.0.1 be used to fingerprint the browser?
----------------------------------+---------------------------
Reporter: mikeperry | Owner: mikeperry
Type: task | Status: new
Priority: major | Milestone:
Component: Firefox Patch Issues | Version:
Keywords: tbb-fingerprinting | Actual Points:
Parent ID: | Points:
----------------------------------+---------------------------
If a site makes connection attempts or element loads sourced for
127.0.0.1, can it build a list of open local TCP ports for fingerprinting
purposes? Open ports may yield different error conditions than closed
ports for certain request types and elements..
There may be other vectors to to this through DNS rebinding too, but I
believe in those cases the hostname should always be provided to the SOCKS
port, and such connections will happen to the exit, which should block
them.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10419>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list