[tor-bugs] #22484 [Applications/TorBirdy]: TB 52+ leaks installed dictionary

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Jun 3 23:18:28 UTC 2017


#22484: TB 52+ leaks installed dictionary
---------------------------------------+---------------------
     Reporter:  Fleming                |      Owner:  sukhbir
         Type:  enhancement            |     Status:  new
     Priority:  Medium                 |  Milestone:
    Component:  Applications/TorBirdy  |    Version:
     Severity:  Normal                 |   Keywords:
Actual Points:                         |  Parent ID:
       Points:                         |   Reviewer:
      Sponsor:                         |
---------------------------------------+---------------------
 TB 52 introduced a new header Content-Language with no option to turn it
 off.

 The official
 [https://www.mozilla.org/en-US/thunderbird/52.0/releasenotes/ changelog]
 says about that: `Dictionary setting is restored when editing a
 draft. Content-Language header (RFC 3282) transmitted with message.`

 The mentioned [https://tools.ietf.org/html/rfc3282 RFC] warns us (Paragraph
 4, Security considerations) that incorrect implementation would lead to a
 privacy leak, which truly happens. For example, you could forge name,
 timezone and IP to pretend to be a citizen of Iceland, but the
 Content-Language header would leak Content-Language: ru-English, meaning
 the author rather comes from Eastern Europe.

 What shall we do about that?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22484>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
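
The check below is an added example, not part of the ticket and not TorBirdy's code: it audits a raw message for Content-Language values (top-level and per MIME part) and produces a copy with the header removed. The sample message and the function names are constructed for illustration.

```python
import email

# Constructed sample message (not taken from the ticket): the top-level
# headers and one MIME part both carry Content-Language.
SAMPLE = (
    "From: someone@example.is\r\n"
    "Date: Sat, 03 Jun 2017 23:00:00 +0000\r\n"
    "Subject: hello\r\n"
    "MIME-Version: 1.0\r\n"
    "Content-Language: ru\r\n"
    'Content-Type: multipart/mixed; boundary="b1"\r\n'
    "\r\n"
    "--b1\r\n"
    "Content-Type: text/plain; charset=utf-8\r\n"
    "content-language: ru, en-US\r\n"
    "\r\n"
    "body text\r\n"
    "--b1--\r\n"
)


def find_language_leaks(msg):
    """Return (part index, language tag) for every Content-Language value."""
    leaks = []
    for idx, part in enumerate(msg.walk()):  # index 0 is the message itself
        for value in part.get_all("Content-Language", []):
            # RFC 3282 allows a comma-separated list of language tags.
            for tag in value.split(","):
                if tag.strip():
                    leaks.append((idx, tag.strip()))
    return leaks


def audit(raw):
    """Parse a raw RFC 5322 message and list its language tags."""
    return find_language_leaks(email.message_from_string(raw))


def strip_language_headers(raw):
    """Return the message with Content-Language removed from every part."""
    msg = email.message_from_string(raw)
    for part in msg.walk():
        del part["Content-Language"]  # case-insensitive, removes all copies
    return msg.as_string()


if __name__ == "__main__":
    print("before:", audit(SAMPLE))
    print("after: ", audit(strip_language_headers(SAMPLE)))
```
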

