[tor-bugs] #29957 [Applications/Tor Browser]: clicking on "click to play" media leaks URLs via NoScript on-disk preferences

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Apr 6 03:00:53 UTC 2019 

#29957: clicking on "click to play" media leaks URLs via NoScript on-disk
preferences
---------------------------------------+-----------------------------------
 Reporter:  catalyst                   |          Owner:  tbb-team
     Type:  defect                     |         Status:  needs_information
 Priority:  High                       |      Milestone:
Component:  Applications/Tor Browser   |        Version:
 Severity:  Normal                     |     Resolution:
 Keywords:  tbb-disk-leak, tbb-newnym  |  Actual Points:
Parent ID:                             |         Points:
 Reviewer:                             |        Sponsor:
---------------------------------------+-----------------------------------

Comment (by cypherpunks):

 Here is *exactly* what I did to confirm it:

 1. Deleted Tor Browser directory

 2. Installed fresh Tor Browser 8.0.8

 3. Changed security slider to "Safer"

 4. Navigated to
 https://upload.wikimedia.org/wikipedia/commons/transcoded/2/22/Volcano_Lava_Sample.webm/Volcano_Lava_Sample.webm.360p.vp9.webm

 5. Clicked to play

 6. Looked at NoScript settings page and confirmed it was whitelisted

 7. Restarted browser

 Before step 5, I looked at the sqlite in an online sqlite viewer and it
 said the collection_name was default/{73a6fe31-595d-
 460b-a920-fcc0f8843232}, the record_id was key-policy, and the record was
 this:

 {{{
 {"id":"key-
 policy","key":"policy","data":{"DEFAULT":{"capabilities":["fetch","font","frame","object","other","script","webgl"],"temp":false},"TRUSTED":{"capabilities":["fetch","font","frame","media","object","other","script","webgl"],"temp":false},"UNTRUSTED":{"capabilities":["frame","font"],"temp":false},"sites":{"trusted":[],"untrusted":["http:"],"custom":{}},"enforced":true,"autoAllowTop":false},"_status":"created"}
 }}}

 After step 7 I looked at the same record, and now it was this:

 {{{
 {"id":"key-
 policy","key":"policy","data":{"DEFAULT":{"capabilities":["fetch","font","frame","object","other","script","webgl"],"temp":false},"TRUSTED":{"capabilities":["fetch","font","frame","media","object","other","script","webgl"],"temp":false},"UNTRUSTED":{"capabilities":["frame","font"],"temp":false},"sites":{"trusted":[],"untrusted":["http:"],"custom":{"https://upload.wikimedia.org/wikipedia/commons/transcoded/2/22/Volcano_Lava_Sample.webm/Volcano_Lava_Sample.webm.360p.vp9.webm":{"capabilities":["fetch","font","frame","object","other","script","webgl","media"],"temp":false}}},"enforced":true,"autoAllowTop":false},"_status":"created"}
 }}}

 That sqlite file is stored on the disk.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29957#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list