[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #1999 [Torbutton]: tor: URL support may allow attacks on Torbutton
#1999: tor: URL support may allow attacks on Torbutton
-----------------------+----------------------------------------------------
Reporter: rransom | Owner: mikeperry
Type: defect | Status: new
Priority: normal | Milestone: Torbutton: 1.3
Component: Torbutton | Version: Torbutton: 1.3
Keywords: | Parent:
-----------------------+----------------------------------------------------
[https://twitter.com/egyp7/status/26023995288]
Mike Perry thinks this tweet is about the possibility that a web site
could detect the presence of Torbutton by putting a tor: URL in an IFRAME
and measuring how long Firefox takes to report a page-not-found error --
if Torbutton is not installed, it fails immediately; if Torbutton is
installed, it waits until the user responds to a pop-up dialog, and then
either fails the load attempt or switches into Tor mode and loads the URL.
The warning dialogs might also allow a DoS attack on Torbutton users --
JavaScript can repeatedly add IMG tags to a page with tor: source URLs,
and the repeated popups will make a user's browser unusable.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/1999>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs