[tor-bugs] #25737 [Applications/Tor Browser]: Tor Browser's update check bypassed Tor once on macos, because of xpcproxy?
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Apr 10 08:40:12 UTC 2018
#25737: Tor Browser's update check bypassed Tor once on macos, because of xpcproxy?
--------------------------------------+--------------------------
Reporter: cypherpunks | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by gk):
Replying to [comment:10 cypherpunks]:
> Sorry for my delay, I had to ask the network administrator: the logs and
cache contain an entry for `aus1.torproject.org`.
Logs and cache of what? The application firewall?
> A deactivation of the extension imply the warning "something is not
working", surfing is impossible (connection refused). Same goes for
manually tweaking the conf.
Yes, that's intended. I was just wondering whether the supposed race
condition could be avoided that way as Tor Launcher is now out of the
picture and the update request should be visible every time it gets
issued, in case Firefox is not obeying its proxy settings. You can see
those requests in the browser console (Ctrl+Shift+J) after setting the
logging pref `extensions.torbutton.loglevel` to `3`).
> Would a stack trace be helpful (provided it's gonna happen again)?
Could be. I guess ideally having some steps to reproduce your issue would
be the best but as long as it seems to be semi-randomly happening (or
happened once) that's hard.
I wonder if you see those calls with a normal Firefox as well? You could
try with setting a proxy (Tor e.g.) and using that for a bit or just using
the default Firefox, trying to reproduce those weird `xpcproxy` related
firewall alerts.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25737#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list