[tor-bugs] #31287 [Applications/Tor Browser]: NoScript leaks browser locale if objects are blocked and JavaScript is allowed
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Jul 31 07:51:17 UTC 2019
#31287: NoScript leaks browser locale if objects are blocked and JavaScript is
allowed
-------------------------------------------------+-------------------------
Reporter: gk | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-fingerprinting-locale, noscript | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Old description:
> If one customizes NoScript in a way that objects are blocked and
> JavaScript is enabled then the browser locale is leaked even if the user
> opted in to hiding it.
> This issue got reported to our HackerOne bug bounty program by ryotak,
> thanks!
>
> A copy of the developed PoC can be found at:
> https://people.torproject.org/~gk/tests/poc_noscript_locale_leak.html.
>
> Note: Tor Browser is not vulnerable to this attack in any of the
> supported default settings (that is on any of the security settings
> levels).
New description:
If one customizes NoScript in a way that objects are blocked and
JavaScript is enabled then the browser locale is leaked even if the user
opted in to hiding it.
This issue got reported to our HackerOne bug bounty program by ryotak,
thanks!
A copy of the developed PoC can be found at:
https://people.torproject.org/~gk/tests/poc_noscript_locale_leak.html.
--
Comment (by gk):
Replying to [comment:5 RyotaK]:
> Replying to [ticket:31287 gk]:
>
> I want to tell you something in the
> [https://hackerone.com/reports/651444 HackerOne] thread that is related to
> this bug. Tor Browser is vulnerable to this attack in supported settings.
> Can you look into it please?
>
> > Note: Tor Browser is not vulnerable to this attack in any of the
> > supported default settings (that is on any of the security settings
> > levels).
Right. I was wrong here and I changed the description accordingly. One can
see this on the medium-security level as well with media content being
click-to-play.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31287#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online