[tor-bugs] #13670 [Tor Browser]: ensure OCSP & favicons respect URL bar domain isolation
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat May 9 00:16:30 UTC 2015
#13670: ensure OCSP & favicons respect URL bar domain isolation
-------------------------+-------------------------------------------------
Reporter: | Owner: arthuredelstein
arthuredelstein | Status: needs_review
Type: defect | Milestone:
Priority: major | Version:
Component: Tor | Keywords: tbb-linkability, ff38-esr,
Browser | TorBrowserTeam201505R, MikePerry201505R
Resolution: | Parent ID:
Actual Points: |
Points: |
-------------------------+-------------------------------------------------
Comment (by mikeperry):
I think my concerns wrt to issue 3 at the moment are limited to
NSSCertDBTrustDomain holding the bare pointer. If we make that be an
nsCString, I think we may be OK, since the rest is just arg passing. But
if any of these function calls suddenly become async in FF38 or later,
we'll be sad again.
In the interest of getting us closer to 5.0a1, I will fix up my concerns
in a fixup commit.. But I'd still like this to have more eyes (mcs+brade,
ideally), and I'd like us to think about how we can protect against future
issues.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13670#comment:36>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list