[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #15460 [Tor Browser]: FTP requests are not isolated to first party domain

Subject: [tor-bugs] #15460 [Tor Browser]: FTP requests are not isolated to first party domain
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Wed, 25 Mar 2015 16:03:54 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 25 Mar 2015 12:04:03 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#15460: FTP requests are not isolated to first party domain
---------------------------+--------------------------
 Reporter:  gk             |          Owner:  tbb-team
     Type:  defect         |         Status:  new
 Priority:  major          |      Milestone:
Component:  Tor Browser    |        Version:
 Keywords:  tbb-4.5-alpha  |  Actual Points:
Parent ID:                 |         Points:
---------------------------+--------------------------
 While looking at Torbutton patches Mike committed last night I realized we
 are not isolating FTP requests to the URL bar domain. This does not only
 lead to top level FTP requests not showing up in the circuit display but
 rather to all embedded FTP requests sent over the default circuit. I fear
 there are quite a number of risks involved in this design that give a
 malicious website(s) ample chances to correlate user traffic at least.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15460>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #15460 [Tor Browser]: FTP requests are not isolated to first party domain
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #15460 [Tor Browser]: FTP requests are not isolated to first party domain
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #15460 [Tor Browser]: FTP requests are not isolated to first party domain
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #13670 [Tor Browser]: ensure OCSP & favicons respect URL bar domain isolation
Next by Author: Re: [tor-bugs] #15460 [Tor Browser]: FTP requests are not isolated to first party domain
Previous by thread: Re: [tor-bugs] #12745 [Tor Browser]: still running old version of Tor Button after upgrading TBB in-place
Next by thread: Re: [tor-bugs] #15460 [Tor Browser]: FTP requests are not isolated to first party domain
Index(es):
- Author
- Thread