[tor-bugs] #8725 [Applications/Tor Browser]: resource:// URIs leak information

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Jun 10 14:49:50 UTC 2016


#8725: resource:// URIs leak information
-------------------------------------------------+-------------------------
 Reporter:  holizz                               |          Owner:  tbb-
     Type:  defect                               |  team
 Priority:  Very High                            |         Status:
Component:  Applications/Tor Browser             |  needs_review
 Severity:  Major                                |      Milestone:
 Keywords:  tbb-fingerprinting, tbb-rebase-      |        Version:
  regression, tbb-testcase, tbb-firefox-patch,   |     Resolution:
  TorBrowserTeam201606R                          |  Actual Points:
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by gk):

 {{{
 The second one is that shouldLoad is not invoked for redirects. You only
 get one call, for the first URL requested. If you let it pass, it can
 redirect anywhere without you noticing it.
 }}}
 https://developer.mozilla.org/en-US/Add-
 ons/Overlay_Extensions/XUL_School/Intercepting_Page_Loads

 So, my first guess would be that redirects can bypass this blocking
 mechanism. Did anybody test this?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8725#comment:27>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list