[tor-dev] Security issue
tortestprivacy at ro.ru
Mon Jan 20 22:54:02 UTC 2014
I found a security issue in Tor.
For example ANY web-site can scan local ports sending a requests to http://127.0.0.1:port and see what port is opened.
For example: http://127.0.0.1:80, http://127.0.0.1:8080 and any other ports.
If some application listen some port it will be able to accept connections and responce to them. If it will be a local web-server any web-site that you visit can view html-pages on it even if all external incoming connections from Internet to this port are disabled by system firewall and only local connections from 127.0.0.1 are allowed.
The decision is turn on ABE (Application Boundaries Enforcer) by default in NoScript Add-On. Now it's disabled by default.
This rule will be added in NoScript by default if you turn on ABE:
# Prevent Internet sites from requesting LAN resources.
Accept from LOCAL
If you have default settings of Tor Browser Bundle, ABE is not turned on.
If so you can test what ports are opened on your computer for example here: http://tortestprivacy.url.ph/
More information about the tor-dev