[tor-bugs] #22484 [Applications/TorBirdy]: TB 52+ leaks installed dictionary
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Jun 3 23:18:28 UTC 2017
#22484: TB 52+ leaks installed dictionary
---------------------------------------+---------------------
Reporter: Fleming | Owner: sukhbir
Type: enhancement | Status: new
Priority: Medium | Milestone:
Component: Applications/TorBirdy | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
---------------------------------------+---------------------
TB 52 introduced a new header Content-Language with no option to turn it
off.
Official [https://www.mozilla.org/en-US/thunderbird/52.0/releasenotes/
changelog] says about that:`Dictionary setting is restored when editing a
draft. Content-Language header (RFC 3282) transmitted with message.`
Mentioned [https://tools.ietf.org/html/rfc3282 RFC] warns us (Paragraph 4,
Security considerations) that incorrect implementation would lead to a
privacy leak, which truly happens. For example, you could forge name,
timezone and IP to pretend to be a citizen of Iceland, but Content-
Language header would leak Content-Language: ru-English, meaning the
author rather comes from Eastern Europe.
What shall we do about that?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22484>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list