[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #9901 [TorBrowserButton]: DoS of TBB 2.4/3.0 when no Content-Type header and more than 512 bytes of content are sent

Subject: Re: [tor-bugs] #9901 [TorBrowserButton]: DoS of TBB 2.4/3.0 when no Content-Type header and more than 512 bytes of content are sent
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 21 Jan 2014 14:32:24 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 21 Jan 2014 09:32:20 -0500
In-reply-to: <045.67f49b7a0c6561be3adf41b4106c935f@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <045.67f49b7a0c6561be3adf41b4106c935f@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#9901: DoS of TBB 2.4/3.0 when no Content-Type header and more than 512 bytes of
content are sent
----------------------------------+---------------------------
     Reporter:  sqrt2             |      Owner:  mikeperry
         Type:  defect            |     Status:  reopened
     Priority:  normal            |  Milestone:
    Component:  TorBrowserButton  |    Version:
   Resolution:                    |   Keywords:  tbb-usability
Actual Points:                    |  Parent ID:
       Points:                    |
----------------------------------+---------------------------

Comment (by gk):

 Replying to [comment:76 gk]:
 > Replying to [comment:74 mikeperry]:
 > > I can also try to bring this to Mozilla's attention to see if they are
 willing to write a proper fix themselves, since this silent app launching
 behavior is a longstanding issue in their own confirmation dialog system.
 >
 > Might at least be interesting to know what they think about it. I was
 always under the impression that this "feature" was on purpose to save
 some time: "The user clicks on the resource, hence she wants to have it
 (be it opened somewhere else or saving it), thus lets already download it
 in the background before the final decision is made".

 I forgot to add "and handle it if there is a (default) handler available".

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9901#comment:77>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: [tor-bugs] #10686 [TorBrowserButton]: Tor allows Cross-Site Request initiations to localhost
Next by Author: Re: [tor-bugs] #10686 [TorBrowserButton]: Tor allows Cross-Site Request initiations to localhost
Previous by thread: Re: [tor-bugs] #9901 [TorBrowserButton]: DoS of TBB 2.4/3.0 when no Content-Type header and more than 512 bytes of content are sent
Next by thread: Re: [tor-bugs] #9799 [Website]: ViewVC exception: TypeError: expecting an integer for the buffer size
Index(es):
- Author
- Thread