[tor-bugs] #8725 [Applications/Tor Browser]: resource:// URIs leak information

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Jun 3 23:17:27 UTC 2016


#8725: resource:// URIs leak information
-------------------------------------------------+-------------------------
 Reporter:  holizz                               |          Owner:  tbb-
     Type:  defect                               |  team
 Priority:  Very High                            |         Status:  new
Component:  Applications/Tor Browser             |      Milestone:
 Severity:  Major                                |        Version:
 Keywords:  tbb-fingerprinting, tbb-rebase-      |     Resolution:
  regression, tbb-testcase, tbb-firefox-patch    |  Actual Points:
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by yawning):

 Replying to [comment:19 cypherpunks]:
 > I have a workaround for this.
 > Can you please look at https://addons.mozilla.org/en-US/firefox/addon
 /no-resource-uri-leak/ ?

 As far as I can tell the approach you're taking is the only way to do this
 (the `http-on-modify-request` event does not fire for `resource://` URLs
 for obvious reasons, so a content policy is required).  Not sure what the
 Tor Browser policy is on licensing.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8725#comment:21>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list