[tor-bugs] #15460 [Tor Browser]: FTP requests are not isolated to first party domain
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Mar 25 16:03:54 UTC 2015
#15460: FTP requests are not isolated to first party domain
---------------------------+--------------------------
Reporter: gk | Owner: tbb-team
Type: defect | Status: new
Priority: major | Milestone:
Component: Tor Browser | Version:
Keywords: tbb-4.5-alpha | Actual Points:
Parent ID: | Points:
---------------------------+--------------------------
While looking at Torbutton patches Mike committed last night I realized we
are not isolating FTP requests to the URL bar domain. This does not only
lead to top level FTP requests not showing up in the circuit display but
rather to all embedded FTP requests sent over the default circuit. I fear
there are quite a number of risks involved in this design that give a
malicious website(s) ample chances to correlate user traffic at least.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15460>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list