[tor-bugs] #31753 [Applications/Tor Browser]: Web developer network tab breaks first-party isolation in some cases II
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Sep 16 10:20:52 UTC 2019
#31753: Web developer network tab breaks first-party isolation in some cases II
-----------------------------+------------------------------------------
Reporter: cypherpunks | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Component: Applications/Tor Browser
Version: | Severity: Normal
Keywords: tbb-linkability | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-----------------------------+------------------------------------------
There are rare cases where the first-part isolation breaks if the Web
developer Network tab is open. This got first reported on our blog:
https://blog.torproject.org/blog/tor-browser-65a5-released#comment-224102
Steps to reproduce (works in the alpha series on Windows at least):
1) Start a fresh Tor Browser and set the Torbutton log level to "3"
2) Open the Network tab in the Web developer console (Ctrl + Shift + Q)
3) Go to https://torproject.org
4) Reload the page with the arrow in the URL bar
Result:
Torbutton INFO: tor SOCKS:
https://www.torproject.org/static/css/bootstrap.css.map via--
unknown--:878a267349f5b487247d0a0175ae27f2
It is actually only the request for one resource that is affected. And
having the Network tab open is crucial for reproducing the bug.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31753>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list