[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #9901 [TorBrowserButton]: DoS of TBB when no Content-Type header and more than 512 bytes of content are sent

Subject: Re: [tor-bugs] #9901 [TorBrowserButton]: DoS of TBB when no Content-Type header and more than 512 bytes of content are sent
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 27 Feb 2014 23:06:21 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 27 Feb 2014 18:06:33 -0500
In-reply-to: <045.67f49b7a0c6561be3adf41b4106c935f@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <045.67f49b7a0c6561be3adf41b4106c935f@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#9901: DoS of TBB when no Content-Type header and more than 512 bytes of content
are sent
-------------------------+-------------------------------------------------
     Reporter:  sqrt2    |      Owner:  mikeperry
         Type:  defect   |     Status:  needs_review
     Priority:  normal   |  Milestone:
    Component:           |    Version:
  TorBrowserButton       |   Keywords:  tbb-usability, interview, tbb-
   Resolution:           |  crash, MikePerry201402R
Actual Points:           |  Parent ID:
       Points:           |
-------------------------+-------------------------------------------------

Comment (by mikeperry):

 For best practice, we need to prefix these functions with something
 (torbutton_ has been our convention). The reason is because overlay
 javascript is added into the browser XUL window scope, and we risk
 collisions if another addon defines something named either handleConsole,
 consoleObserver.

 I have fixed this and merged the branch. It will go into master and it
 should be in a nightly at https://people.torproject.org/~linus/builds/
 shortly to play with. If that goes well, we can tag a new release and push
 it out in a stable.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9901#comment:88>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #5213 [Tor bundles/installation]: enable tor-fw-helper
Next by Author: Re: [tor-bugs] #9901 [TorBrowserButton]: DoS of TBB when no Content-Type header and more than 512 bytes of content are sent
Previous by thread: Re: [tor-bugs] #9901 [TorBrowserButton]: DoS of TBB when no Content-Type header and more than 512 bytes of content are sent
Next by thread: Re: [tor-bugs] #9901 [TorBrowserButton]: DoS of TBB when no Content-Type header and more than 512 bytes of content are sent
Index(es):
- Author
- Thread