[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #8725 [Applications/Tor Browser]: resource:// URIs leak information

Subject: Re: [tor-bugs] #8725 [Applications/Tor Browser]: resource:// URIs leak information
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Fri, 29 Jul 2016 01:38:05 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 28 Jul 2016 21:38:24 -0400
In-reply-to: <046.90a71378e1ba3b8b4dabb70bf7d17d5d@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <046.90a71378e1ba3b8b4dabb70bf7d17d5d@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#8725: resource:// URIs leak information
-------------------------------------------------+-------------------------
 Reporter:  holizz                               |          Owner:  tbb-
     Type:  defect                               |  team
 Priority:  Very High                            |         Status:
Component:  Applications/Tor Browser             |  needs_review
 Severity:  Major                                |      Milestone:
 Keywords:  tbb-fingerprinting, tbb-rebase-      |        Version:
  regression, tbb-testcase, tbb-firefox-patch,   |     Resolution:
  TorBrowserTeam201607R                          |  Actual Points:
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by yawning):

 Replying to [comment:40 mikeperry]:
 > 1. I think it *might* have been better to use http-on-modify-request
 here rather than both the content policy and the response listener, but
 you might also not have as much information there about the source content
 url. Maybe this doesn't matter so much, since what we really want is a
 direct Firefox patch. The extra observers will have a perf cost, though.

 The CSP is required because `http-on-modify-request` events dont' fire for
 `recourse://` urls, unfortunately.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8725#comment:41>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: [tor-bugs] #19643 [Metrics/metrics-lib]: use slf4j in DescripTor instead of System.err or printStackTrace
Next by Author: [tor-bugs] #19624 [Metrics/ExoneraTor]: java modules of Exonerator should coply to style guide
Previous by thread: Re: [tor-bugs] #8725 [Applications/Tor Browser]: resource:// URIs leak information
Next by thread: Re: [tor-bugs] #8725 [Applications/Tor Browser]: resource:// URIs leak information
Index(es):
- Author
- Thread