[tor-bugs] #1672 [EFF-HTTPS Everywhere]: Firefox search box typeahead completion leaks plaintext queries
#1672: Firefox search box typeahead completion leaks plaintext queries
----------------------------------+-----------------------------------------
Reporter: schoen | Owner: pde
Type: defect | Status: new
Priority: major | Milestone:
Component: EFF-HTTPS Everywhere | Version:
Keywords: | Parent:
----------------------------------+-----------------------------------------
Even if an HTTPS Everywhere rule matches the relevant URL, typing text in
the Firefox search box will send unencrypted HTTP queries to the host
defined for typeahead completion in the search engine definition file.
HTTPS Everywhere thinks it is rewriting these queries (according to the
error console), but a packet sniffer verifies that the rewriting never
occurs and the queries are actually sent as plaintext! (To be more
precise, the protocol scheme and host are never effectively changed; a
rewrite rule can still have an effect on the path part of the URL.)
See
https://mail1.eff.org/pipermail/https-everywhere/2010-July/000025.html
for more details.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/1672>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
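An added example, not part of the original ticket or of HTTPS Everywhere: one way to see which host a search engine definition names for typeahead completion, and whether that endpoint is plain HTTP. It assumes the definition is in OpenSearch XML form, where the suggestion endpoint is a Url element of type application/x-suggestions+json; the sample file and the example.com hosts are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Assumption: suggestion (typeahead) endpoints use this OpenSearch Url type.
SUGGEST_TYPE = "application/x-suggestions+json"

# Constructed sample definition; hosts are placeholders, not a real engine.
SAMPLE = """<OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/">
  <ShortName>Example</ShortName>
  <Url type="application/x-suggestions+json"
       template="http://suggest.example.com/complete?q={searchTerms}"/>
  <Url type="text/html"
       template="https://www.example.com/search?q={searchTerms}"/>
</OpenSearchDescription>
"""


def local(tag):
    """Strip the XML namespace so differently namespaced files still match."""
    return tag.rsplit("}", 1)[-1]


def audit_definition(xml_text):
    """Return (type, scheme, host) for every Url element in the definition."""
    root = ET.fromstring(xml_text)
    rows = []
    for el in root.iter():
        if local(el.tag) != "Url":
            continue
        parts = urlsplit(el.get("template", ""))
        rows.append((el.get("type", ""), parts.scheme.lower(), parts.hostname))
    return rows


def plaintext_suggest_hosts(xml_text):
    """Hosts that would receive typeahead queries over unencrypted HTTP."""
    return [host for typ, scheme, host in audit_definition(xml_text)
            if typ == SUGGEST_TYPE and scheme == "http"]


if __name__ == "__main__":
    for host in plaintext_suggest_hosts(SAMPLE):
        print("plaintext typeahead endpoint:", host)
```

Because the ticket reports that the rewrite never changes the scheme or host of these requests, a host flagged here should be confirmed on the wire with a packet capture rather than trusted from the extension's log output.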