[tor-bugs] #31287 [Applications/Tor Browser]: NoScript leaks browser locale if objects are blocked and JavaScript is allowed

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Jul 30 10:03:26 UTC 2019


#31287: NoScript leaks browser locale if objects are blocked and JavaScript is
allowed
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  tbb-team
     Type:  defect                               |         Status:  new
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-fingerprinting-locale, noscript  |  Actual Points:
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by gk):

 Replying to [comment:1 ma1]:
 > Replying to [ticket:31287 gk]:
 >
 > > A copy of the developed PoC can be found at:
 > > https://people.torproject.org/~gk/tests/poc_noscript_locale_leak.html.
 > >
 > Thanks, this seems a broken link though.

 You mean because it gives you a "404 Not Found" page? That's part of the
 PoC and comes from the `test.html` file. You'll see the PoC in action if
 you drag the NoScript icon to the toolbar and customize it by making sure
 `object` is blocked while JavaScript is still allowed.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31287#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

