[tor-bugs] #29916 [Applications/Tor Browser]: Group Policies for Firefox can bypass Tor Browser's proxy settings

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Apr 1 19:14:08 UTC 2019 

#29916: Group Policies for Firefox can bypass Tor Browser's proxy settings
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:
                                                 |  needs_information
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-proxy-bypass,                    |  Actual Points:
  TorBrowserTeam201904, GeorgKoppen201904,       |
  tbb-8.5                                        |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by gk):

 * status:  needs_review => needs_information
 * keywords:
     tbb-proxy-bypass, TorBrowserTeam201904R, GeorgKoppen201904, tbb-8.5
     -must-alpha
     => tbb-proxy-bypass, TorBrowserTeam201904, GeorgKoppen201904, tbb-8.5


Comment:

 Replying to [comment:11 tom]:
 > Replying to [comment:9 gk]:
 > >However, I am still not convinced that this is the whole picture. In
 particular, I feel those changes *do not* explain how the registry-based
 bypass is working, given that the pref is only checked at one place and
 `areEnterpriseOnlyPoliciesAllowed()` results in `false` for the stable
 series, yet the bug report was made against 8.0.x.
 >
 > I also can't explain this, and agree.  But the patch looks good to me.

 Thanks. Pushed to `tor-browser-60.6.1esr-8.5-1` (commit
 e95c515352094f6c3d943a3313628c370feb18f2 and
 6e730d5184f8d74860488f8fa998bd1e0023281f) to get the changes in our next
 nightly build. Setting to `needs_information` to figure out a way to repro
 the original bug report. I'll try to ask the reporter for steps to
 reproduce and whether they can still reproduce the problem with the fixes
 (whcih we have so far) committed.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29916#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list