[tor-bugs] #9901 [TorBrowserButton]: DoS of TBB when no Content-Type header and more than 512 bytes of content are sent
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Feb 27 23:06:21 UTC 2014
#9901: DoS of TBB when no Content-Type header and more than 512 bytes of content
are sent
-------------------------+-------------------------------------------------
Reporter: sqrt2 | Owner: mikeperry
Type: defect | Status: needs_review
Priority: normal | Milestone:
Component: | Version:
TorBrowserButton | Keywords: tbb-usability, interview, tbb-
Resolution: | crash, MikePerry201402R
Actual Points: | Parent ID:
Points: |
-------------------------+-------------------------------------------------
Comment (by mikeperry):
For best practice, we need to prefix these functions with something
(torbutton_ has been our convention). The reason is because overlay
javascript is added into the browser XUL window scope, and we risk
collisions if another addon defines something named either handleConsole,
consoleObserver.
I have fixed this and merged the branch. It will go into master and it
should be in a nightly at https://people.torproject.org/~linus/builds/
shortly to play with. If that goes well, we can tag a new release and push
it out in a stable.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9901#comment:88>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list