[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #13670 [Tor Browser]: ensure OCSP & favicons respect URL bar domain isolation

Subject: Re: [tor-bugs] #13670 [Tor Browser]: ensure OCSP & favicons respect URL bar domain isolation
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Sat, 09 May 2015 00:16:30 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 08 May 2015 20:16:39 -0400
In-reply-to: <055.f9fbaf07444dbb42dc5f11f56c921a84@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <055.f9fbaf07444dbb42dc5f11f56c921a84@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#13670: ensure OCSP & favicons respect URL bar domain isolation
-------------------------+-------------------------------------------------
     Reporter:           |      Owner:  arthuredelstein
  arthuredelstein        |     Status:  needs_review
         Type:  defect   |  Milestone:
     Priority:  major    |    Version:
    Component:  Tor      |   Keywords:  tbb-linkability, ff38-esr,
  Browser                |  TorBrowserTeam201505R, MikePerry201505R
   Resolution:           |  Parent ID:
Actual Points:           |
       Points:           |
-------------------------+-------------------------------------------------

Comment (by mikeperry):

 I think my concerns wrt to issue 3 at the moment are limited to
 NSSCertDBTrustDomain holding the bare pointer. If we make that be an
 nsCString, I think we may be OK, since the rest is just arg passing. But
 if any of these function calls suddenly become async in FF38 or later,
 we'll be sad again.

 In the interest of getting us closer to 5.0a1, I will fix up my concerns
 in a fixup commit.. But I'd still like this to have more eyes (mcs+brade,
 ideally), and I'd like us to think about how we can protect against future
 issues.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13670#comment:36>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #13670 [Tor Browser]: ensure OCSP & favicons respect URL bar domain isolation
Next by Author: Re: [tor-bugs] #15964 [Tor Launcher]: Tor Launcher should notify users that their clock is not set correctly
Previous by thread: Re: [tor-bugs] #13670 [Tor Browser]: ensure OCSP & favicons respect URL bar domain isolation
Next by thread: Re: [tor-bugs] #13670 [Tor Browser]: ensure OCSP & favicons respect URL bar domain isolation
Index(es):
- Author
- Thread