[tor-bugs] #10682 [TorBrowserButton]: Disable update pings for Torbutton and Tor Launcher

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Feb 8 19:35:34 UTC 2014


#10682: Disable update pings for Torbutton and Tor Launcher
-------------------------+-------------------------------------------------
     Reporter:           |      Owner:  mikeperry
  mikeperry              |     Status:  new
         Type:  defect   |  Milestone:
     Priority:           |    Version:
  critical               |   Keywords:  tbb-security, extdev-interview,
    Component:           |  MikePerry201401R
  TorBrowserButton       |  Parent ID:
   Resolution:           |
Actual Points:           |
       Points:           |
-------------------------+-------------------------------------------------

Comment (by cypherpunks):

 >fix for #10419
 Security hole.

 >ExtendAllowPrivateAddresses
 no. ClientRejectInternalAddresses

 >The browser will no longer connect to directly to 127.0.0.1, nor will
 connections to 127.0.0.1 be sent to the exit node
 It's all depends Tor not Torbrowser that has security hole with passing
 localhost over proxy.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10682#comment:16>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list