[tor-bugs] #30657 [Applications/Tor Browser]: Tor Browser locale is leaked via title of link tag on non-html page

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Jul 20 23:37:22 UTC 2019


#30657: Tor Browser locale is leaked via title of link tag on non-html page
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  tbb-team
     Type:  defect                               |         Status:  new
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-fingerprinting-locale,           |  Actual Points:
  ff68-esr-will-have                             |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by Thorin):

 The error in 68+ is

 Security Error: Content at
 `https://people.torproject.org/~gk/tests/test.txt` may not load or link to
 `resource://content-accessible/plaintext.css`.

 If I'm following this correctly:
 - 57+ https://bugzilla.mozilla.org/show_bug.cgi?id=863246 - blocked
 `resource://URIs` (yay!)
 - 57+ https://bugzilla.mozilla.org/show_bug.cgi?id=1395486 - they allowed
 plaintext.css in 57+ as a regression from 863246 (boo!)
 - 68+ https://bugzilla.mozilla.org/show_bug.cgi?id=1514655 - and now
 they've closed it down again (yay!)

 However, the last bugzilla is `css, enhancement`, and I wouldn't be
 surprised if it got reverted again. IDK, I just want to make sure that
 it's a permanent solution.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30657#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

