[tor-bugs] #26451 [HTTPS Everywhere/EFF-HTTPS Everywhere]: HTTPS-Everywhere freezes the browser when entering URLS like ./a.
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jun 21 19:47:55 UTC 2018
#26451: HTTPS-Everywhere freezes the browser when entering URLS like ./a.
-------------------------------------------------+-------------------------
Reporter: gk | Owner: legind
Type: defect | Status: new
Priority: High | Milestone:
Component: HTTPS Everywhere/EFF-HTTPS | Version:
Everywhere |
Severity: Major | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
-------------------------------------------------+-------------------------
Starting with the latest HTTPS-Everywhere update (2018.6.13) the browser
freezes when URLs like `./a.` are entered into the URL bar. davtur19
reported this bug via our HackerOne bug bounty program to us and suggested
that this is even exploitable by web content doing things like `<meta
http-equiv="refresh" content="0;URL=http://./a.">`
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26451>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list