[tor-bugs] #32733 [Applications/Tor Browser]: "Find" feature leaks information between Tor Browser and regular Firefox on macOS 10.15.1
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Dec 12 07:14:36 UTC 2019
#32733: "Find" feature leaks information between Tor Browser and regular Firefox on
macOS 10.15.1
-----------------------------+------------------------------------------
Reporter: mSUIcXNPzcq3idq | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Component: Applications/Tor Browser
Version: | Severity: Normal
Keywords: tbb-9.0-issues | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-----------------------------+------------------------------------------
On my Macbook Pro (running Catalina 10.15.1) I use Firefox (currently v70)
as my regular browser, and Tor Browser 9.0.2.
If I use the "find" feature in Tor Browser (i.e. Cmd-F) and look for some
text in a page I am browsing privately via Tor, then using the same
feature in normal Firefox is prefilled with the text I just searched for -
this seems like a potential leak of private (meta-?)data
Steps to reproduce:
* Install Firefox on a macOS 10.15.1 system
* Install Tor Browser Bundle 9.0.2
* Open Firefox and load "www.google.com"
* Open Tor Browser and load "www.bing.com"
* In Tor Browser, press Cmd-F and search for "private text"
* Change application to Firefox and press Cmd-F
* You will see that the "search text" field has been filled in with the
text you just searched for in Tor Browser during an "anonymous" browsing
session
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32733>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list