[tor-bugs] #23027 [Applications/Tor Browser Sandbox]: Tor sandbox should to reset all of tor browser bundle settings at launch
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jul 25 02:18:43 UTC 2017
#23027: Tor sandbox should to reset all of tor browser bundle settings at launch
-------------------------------------------------+-------------------------
Reporter: Dbryrtfbcbhgf | Owner: yawning
Type: defect | Status: new
Priority: Medium | Milestone: Tor:
Component: Applications/Tor Browser | 0.3.2.x-final
Sandbox | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
-------------------------------------------------+-------------------------
If a zero day JavaScript exploit is able to compromise Firefox, it may be
able to override TBB’s Settings. If it overrides the default homepage
setting, every single time the user opens TBB it will open up a possibly
malicious homepage. In attacker may be able to do much worse if they’re
able to TBB Preferences. A simple way to solve this would be have the
sandbox launcher reset the settings every single time tor browser starts,
adding an option for users to opt out my also be useful.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23027>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list