[tor-bugs] #16840 [Tor Browser]: Introduce preference for controlling speculative pre-connections (Related to Tor Browser / present in Firefox)

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Aug 17 09:19:23 UTC 2015


#16840: Introduce preference for controlling speculative pre-connections (Related
to Tor Browser / present in Firefox)
---------------------------------------------+-----------------------------
 Reporter:  RickGeex_                        |          Owner:  tbb-team
     Type:  defect                           |         Status:  new
 Priority:  major                            |      Milestone:
Component:  Tor Browser                      |        Version:  Tor: unspecified
 Keywords:  firefox, default, configuration  |
Parent ID:                                   |  Actual Points:
                                             |         Points:
---------------------------------------------+-----------------------------
 Introduce preference for controlling speculative pre-connections -
 (original source - https://bugzilla.mozilla.org/show_bug.cgi?id=814169) is
 '''also present in the Tor Browser Bundle'''

 '''Yuri Khan '''2015-08-14 22:33:56 PDT

 {{{
 Hey,

 here’s a potential tracking scenario:

 * Mallory has a database of unverified email addresses. He wants to know
 which of them are read regularly.
 * Mallory associates with each unverified email address a unique IPv6
 address within his /64 network.
 * Mallory sends each unverified recipient a message which consists of a
 hyperlink to this unique IPv6 address, wrapped around a lot of text.
 * Alice views this message in a web mail client in Firefox. She
 inadvertently leaves the mouse in the area where the message is to be
 displayed.
 * Firefox speculatively connects to the address of the link.
 * Mallory’s router receives all connection attempts and logs destination
 addresses.
 * Because each recipient got a unique IPv6 address, Mallory marks Alice’s
 email address as verified.

 }}}
 (source: https://bugzilla.mozilla.org/show_bug.cgi?id=814169#c18)

 This scenario is also exploitable in the Tor browser because the default
 value of this API ('network.http.speculative-parallel-limit') is 6.

 A fix to mitigate this problem is to set
 'network.http.speculative-parallel-limit' to 0 by default.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16840>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
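
Added example, not part of the ticket or of Tor Browser's code: a profile audit that reports whether the mitigation proposed above (the preference set to 0) is in effect. It assumes the standard user_pref("name", value); line format of prefs.js and user.js and takes the default of 6 from the ticket; the sample file contents and function names are constructed for illustration.

```python
import re

PREF = "network.http.speculative-parallel-limit"
TICKET_DEFAULT = 6  # default value as stated in the ticket

# Matches user_pref("name", value); anchored at line start, so lines
# commented out with // are skipped.
_PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

def parse_prefs(text):
    """Return {name: raw_value} for each user_pref() line; later lines win."""
    prefs = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs

def effective_limit(prefs_js="", user_js=""):
    """Return (limit, origin). user.js is applied over prefs.js at startup."""
    merged = parse_prefs(prefs_js)
    merged.update(parse_prefs(user_js))
    raw = merged.get(PREF)
    if raw is None:
        return TICKET_DEFAULT, "default"
    try:
        return int(raw), "profile"
    except ValueError:
        # Script policy (assumption): a non-integer value counts as not mitigated.
        return TICKET_DEFAULT, "invalid"

def is_mitigated(prefs_js="", user_js=""):
    """True only when speculative pre-connections are limited to 0."""
    return effective_limit(prefs_js, user_js)[0] == 0

# Constructed sample profile contents.
SAMPLE_PREFS_JS = '''
user_pref("browser.startup.homepage", "about:blank");
user_pref("network.http.speculative-parallel-limit", 6);
'''
SAMPLE_USER_JS = '''
// user_pref("network.http.speculative-parallel-limit", 6);
user_pref("network.http.speculative-parallel-limit", 0);
'''

if __name__ == "__main__":
    print("prefs.js only:", effective_limit(SAMPLE_PREFS_JS))
    print("with user.js :", effective_limit(SAMPLE_PREFS_JS, SAMPLE_USER_JS))
    print("mitigated    :", is_mitigated(SAMPLE_PREFS_JS, SAMPLE_USER_JS))
```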

