[tor-bugs] #18101 [Applications/Tor Browser]: IP leak from Windows UI dialog with URI
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Aug 31 17:31:26 UTC 2017
#18101: IP leak from Windows UI dialog with URI
-------------------------------------------------+-------------------------
Reporter: uileak | Owner:
| arthuredelstein
Type: defect | Status:
| needs_review
Priority: Very High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Major | Resolution:
Keywords: tbb-disk-leak, tbb-proxy-bypass, | Actual Points:
TorBrowserTeam201708R |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Changes (by cypherpunks):
* keywords: tbb-proxy-bypass, ip-leak, TorBrowserTeam201708R => tbb-disk-
leak, tbb-proxy-bypass, TorBrowserTeam201708R
Comment:
Why is so much attention being paid for this `NOTABUG`? Feature was
requested and discussed in
https://bugzilla.mozilla.org/show_bug.cgi?id=711654. Pros and cons are
well known for years.
Is this ticket about protection for noobs who can't distinguish between
shell and browser? If so, shouldn't we make this feature obey TBB's design
requirements? Something like "Firefox should handle URLs (instead of
system shell)".
What is needed to pass URLs to Firefox, `FOS_ALLNONSTORAGEITEMS` and
`FOS_SUPPORTSTREAMABLEITEMS` (with `FOS_FORCEFILESYSTEM` removed), from
https://msdn.microsoft.com/en-
us/library/windows/desktop/dn457282(v=vs.85).aspx?
There is no IP leak or proxy bypass. But there is `tbb-disk-leak` without
`FOS_DONTADDTORECENT`.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18101#comment:51>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list