[tor-bugs] #8422 [TorBrowserButton]: DOM localStorage not cleared on New Identity
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Mar 7 01:52:10 UTC 2013
#8422: DOM localStorage not cleared on New Identity
-----------------------------------+----------------------------------------
Reporter: mikeperry | Owner: mikeperry
Type: defect | Status: new
Priority: critical | Milestone:
Component: TorBrowserButton | Version:
Keywords: tbb-rebase-regression | Parent:
Points: | Actualpoints:
-----------------------------------+----------------------------------------
http://www.stevesouders.com/blog/2012/09/10/clearing-browser-data/ reveals
that despite the documentation on MDC
(https://developer.mozilla.org/en/DOM/Storage#Storage_location_and_clearing_the_data),
window.localStorage is NOT cleared by the "cookie-changed" observer event.
We need to clear it explicitly. Isn't that cute. Another evercookie
vector.
Since we enabled DOM storage for FF17, this is a regression, and a pretty
bad one at that.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8422>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list