[tor-bugs] #8213 [Applications/Tor Browser]: spoof history.length - browser.sessionhistory.max_entries

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Dec 10 23:29:27 UTC 2019


#8213: spoof history.length - browser.sessionhistory.max_entries
--------------------------------------------+--------------------------
 Reporter:  proper                          |          Owner:  tbb-team
     Type:  defect                          |         Status:  new
 Priority:  Low                             |      Milestone:
Component:  Applications/Tor Browser        |        Version:
 Severity:  Normal                          |     Resolution:
 Keywords:  tbb-linkability, tbb-torbutton  |  Actual Points:
Parent ID:                                  |         Points:
 Reviewer:                                  |        Sponsor:
--------------------------------------------+--------------------------

Comment (by Thorin):

 @gk

 FWIW, `browser.sessionhistory.max_entries` has been broken since FF61, and
 it will probably never get fixed - see
 https://bugzilla.mozilla.org/show_bug.cgi?id=1511813

 As for cross-origin linkability / privacy concerns: there shouldn't be
 any: see
 - https://developer.mozilla.org/en-US/docs/Web/API/History
 - https://html.spec.whatwg.org/multipage/history.html

 Suggest we close this, unless you can think of any XSS or other trickery
 involved here.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8213#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

