Re: [tor-bugs] #5477 [EFF-HTTPS Everywhere]: Critical security vulnerability is caused by HTTPS-Everywhere enabled



#5477: Critical security vulnerability is caused by HTTPS-Everywhere enabled
------------------------------------------------------+---------------------
 Reporter:  Drugoy                                    |          Owner:  pde
     Type:  defect                                    |         Status:  new
 Priority:  critical                                  |      Milestone:     
Component:  EFF-HTTPS Everywhere                      |        Version:     
 Keywords:  address spoofing, critical vulnerability  |         Parent:     
   Points:                                            |   Actualpoints:     
------------------------------------------------------+---------------------

Comment(by pde):

 So at this URL is a modified version of Drugoy's page:

 http://ww2.cs.mu.oz.au/~pde/bugs/5477-tst.html

 It does the same thing when you click the button, with the addition of an
 alert that says "frogs".  Visited without HTTPS Everywhere, the alert goes
 off.  With HTTPS Everywhere, the iframe appears to replace the whole
 window, despite what one sees after "view source".  In particular, there
 is no frogs alert.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5477#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs