[tor-bugs] #25737 [Applications/Tor Browser]: Tor Browser's update check bypassed Tor once on macos, because of xpcproxy?

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Apr 10 08:40:12 UTC 2018


#25737: Tor Browser's update check bypassed Tor once on macos, because of xpcproxy?
--------------------------------------+--------------------------
 Reporter:  cypherpunks               |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by gk):

 Replying to [comment:10 cypherpunks]:
 > Sorry for my delay, I had to ask the network administrator: the logs and
 cache contain an entry for `aus1.torproject.org`.

 Logs and cache of what? The application firewall?

 > A deactivation of the extension imply the warning "something is not
 working", surfing is impossible (connection refused). Same goes for
 manually tweaking the conf.

 Yes, that's intended. I was just wondering whether the supposed race
 condition could be avoided that way as Tor Launcher is now out of the
 picture and the update request should be visible every time it gets
 issued, in case Firefox is not obeying its proxy settings. You can see
 those requests in the browser console (Ctrl+Shift+J) after setting the
 logging pref `extensions.torbutton.loglevel` to `3`).

 > Would a stack trace be helpful (provided it's gonna happen again)?

 Could be. I guess ideally having some steps to reproduce your issue would
 be the best but as long as it seems to be semi-randomly happening (or
 happened once) that's hard.

 I wonder if you see those calls with a normal Firefox as well? You could
 try with setting a proxy (Tor e.g.) and using that for a bit or just using
 the default Firefox, trying to reproduce those weird `xpcproxy` related
 firewall alerts.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25737#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list