[tor-bugs] #9901 [TorBrowserButton]: DoS of TBB 2.4/3.0 when no Content-Type header and more than 512 bytes of content are sent

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Jan 21 11:18:01 UTC 2014


#9901: DoS of TBB 2.4/3.0 when no Content-Type header and more than 512 bytes of
content are sent
----------------------------------+---------------------------
     Reporter:  sqrt2             |      Owner:  mikeperry
         Type:  defect            |     Status:  reopened
     Priority:  normal            |  Milestone:
    Component:  TorBrowserButton  |    Version:
   Resolution:                    |   Keywords:  tbb-usability
Actual Points:                    |  Parent ID:
       Points:                    |
----------------------------------+---------------------------

Comment (by gk):

 Replying to [comment:74 mikeperry]:
 > I think the right fix here is to remove external-app-blocker.js from
 > Torbutton, and patch the Firefox app launching code to emit our custom
 > confirmation dialog before actually launching the app (or create another
 > observer for this purpose).

 The observer idea sounds good. This way other extensions and Mozilla
 itself may use this, too.

 > Unfortunately, the external app launching code itself is a little hairy
 > and convoluted. The starting points are
 > nsExternalHelperAppService::DoContent() and
 > nsExternalHelperAppService::LoadURI(). It looks like there are still a few
 > entrypoints there to launch external apps that happen before Mozilla tries
 > to present their version of the app launch confirmation dialogs.
 > Unfortunately, some of these points may happen in what appears to be
 > compile-time generated C++ code.
 >
 > I can also try to bring this to Mozilla's attention to see if they are
 > willing to write a proper fix themselves, since this silent app launching
 > behavior is a longstanding issue in their own confirmation dialog system.

 Might at least be interesting to know what they think about it. I was always
 under the impression that this "feature" was on purpose to save some time:
 "The user clicks on the resource, hence she wants to have it (be it opened
 somewhere else or saving it), thus let's already download it in the
 background before the final decision is made".

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9901#comment:76>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

