[tor-talk] Security issue. Firefox in Tor Browser Bundle allows access to LAN resources. To fix: ABE of NoScript must be turn on by default

[Olivier Cornu]

Le 21/01/2014 11:44, Yuri a écrit :
> This is very troubling. I also confirm, though behavior with nc and with
> apache listeners differ for some reason.

I guess that incorrect CORS policy on local apache interrupts the XHR,
as Mike explained, whereas netcat (or port 443) XHRs time out.

--
Olivier