[tor-bugs] #8725 [Tor Browser]: resource:// URIs leak information

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Mar 14 11:10:48 UTC 2016


#8725: resource:// URIs leak information
-------------------------------------------------+-------------------------
 Reporter:  holizz                               |          Owner:  tbb-
     Type:  defect                               |  team
 Priority:  Very High                            |         Status:  new
Component:  Tor Browser                          |      Milestone:
 Severity:  Major                                |        Version:
 Keywords:  tbb-fingerprinting, tbb-rebase-      |     Resolution:
  regression, tbb-testcase, tbb-firefox-patch    |  Actual Points:
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by cypherpunks):

 Can you ask Mozilla to change exposing `resource://` URIs opt-in for each
 extension via manifests (because some non-TBB extensions need it) and
 eliminate `resource://` exposure in Firefox core? This is important
 upstream too. It is actually one of the most critical holes in Firefox
 (now with `Components` deprecated in Web). TBB's OS mangling is only half-
 baked with this problem unresolved. So each anonymity
 set is quite a bit smaller than imagined.

 https://bugzilla.mozilla.org/show_bug.cgi?id=863246 is inactive now. It
 seems '''we need more attention from Mozilla'''.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8725#comment:18>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list