[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #9336 [Firefox Patch Issues]: Odd wyswig schemes without isolation for browserspy.dk
#9336: Odd wyswig schemes without isolation for browserspy.dk
----------------------------------+-----------------------------------------
Reporter: mikeperry | Owner: mikeperry
Type: defect | Status: new
Priority: major | Milestone:
Component: Firefox Patch Issues | Version:
Keywords: tbb-linkability | Parent:
Points: | Actualpoints:
----------------------------------+-----------------------------------------
Comment(by mcs):
After loading http://browserspy.dk/screen.php, we see the following non-
isolated entries (all with scheme wyciwyg):
wyciwyg://0/http://browserspy.dk/screen.php
wyciwyg://1/http://browserspy.dk/screen.php
wyciwyg://2/http://browserspy.dk/screen.php
wyciwyg://3/https://googleads.g.doubleclick.net/pagead/ads... (URL
truncated)
wyciwyg://4/https://googleads.g.doubleclick.net/pagead/ads... (URL
truncated)
The wyciwyg scheme is used to keep a copy of content that was modified by
JS (probably to support the back button in the browser, etc.) That scheme
is not supposed to be accessible by web pages, but isolation might be a
good idea.
Mike, did you make the isolation changes for HTTP? The Mozilla file that
needs to be patched is probably
netwerk/protocol/wyciwyg/nsWyciwygChannel.cpp (see
nsWyciwygChannel::OpenCacheEntry(), etc.)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9336#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs