[tor-bugs] #9308 [Firefox Patch Issues]: JavaScript's BrowserFeedWriter() leaks installation paths on OS X and Windows
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Apr 2 01:02:23 UTC 2014
#9308: JavaScript's BrowserFeedWriter() leaks installation paths on OS X and
Windows
-------------------------------------+-------------------------------------
Reporter: cypherpunks | Owner: mikeperry
Type: defect | Status: needs_review
Priority: critical | Milestone:
Component: Firefox Patch | Version:
Issues | Keywords: tbb-fingerprinting,
Resolution: | tbb-easy, interview
Actual Points: | Parent ID:
Points: |
-------------------------------------+-------------------------------------
Changes (by arthuredelstein):
* status: new => needs_review
Comment:
Thanks for the Window tip!
I've attached a
[https://trac.torproject.org/projects/tor/attachment/ticket/9308/0001
-prevent-BrowserFeedWriter-and-sidebar-exceptions-fro.patch new patch],
which simply blocks local file paths from being attached to exceptions.
This fixes both privacy leaks found in
`new BrowserFeedWriter().close();`
and
`window.sidebar.addEngine("http://", "http://", null, null);`
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9308#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list