[tor-bugs] #11055 [Firefox Patch Issues]: Investigate potential DNS leak on Windows when using SSPI
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Feb 25 12:44:46 UTC 2014
#11055: Investigate potential DNS leak on Windows when using SSPI
----------------------------------+---------------------------
Reporter: gk | Owner: mikeperry
Type: task | Status: new
Priority: major | Milestone:
Component: Firefox Patch Issues | Version:
Keywords: | Actual Points:
Parent ID: | Points:
----------------------------------+---------------------------
Firefox supports the "negotiate" auth method which, it seems, may lead to
a DNS request bypassing the proxy settings in: https://mxr.mozilla.org
/mozilla-esr24/source/extensions/auth/nsAuthSSPI.cpp#122. This is somewhat
mitigated as it does not affect the majority of Windows users due to
{{{
network.negotiate-auth.trusted-uris
}}}
being empty and
{{{
network.negotiate-auth.allow-non-fqdn
}}}
being set to "false" by default. Might be worth investigating further and
fixing if this preliminary analysis is sound.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11055>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list