[tor-bugs] #22966 [Applications/Tor Browser]: Nasty MitM possibility with the Firefox blocklist service
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Jul 19 07:28:15 UTC 2017
#22966: Nasty MitM possibility with the Firefox blocklist service
--------------------------------------+--------------------------
Reporter: basvd | Owner: tbb-team
Type: defect | Status: new
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Major | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by cypherpunks):
> In this way it is quite easy to setup a MitM attack and remove revoked
certificates from the blocklist.xml
Can you to add new IDs to blocklist.xml to disable exist extensions, this
way to make DoS against users? Will Tor Browser obey blocklist for
TorButton and TorLauncher case too?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22966#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list