[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #16864 [Tor Browser]: List of browser privacy/security threats
#16864: List of browser privacy/security threats
-------------------------+--------------------------
Reporter: cypherpunks | Owner: tbb-team
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor Browser | Version:
Keywords: | Actual Points:
Parent ID: | Points:
-------------------------+--------------------------
Thought this would be interesting for devs. Any one of these not taken
care of within Tor Browser?
Privacy threats:
First party cookies
Third party tracking cookies
Cached data "cookies" (i.e. cookies in image data read by JS)
Flash cookies
Silverlight isolated storage cookies
IE userData storage cookies
HTML5 local storage cookies
HTML5 global storage cookies
HTML5 session storage cookies
HTML5 database cookies via SQLite
HTML5 canvas fingerprinting
Browser fingerprinting pseudo-cookie (using fonts, add-ons, user
agent, etc.)
ISP injected super-cookies.
Fingerprinting via Java (i.e. your MAC address)
window.name caching
Cookies stored in browser history
ETag tracking (i.e. a unique ID embedded into a URL)
Exposure via DNS leaks
Exposure/leaks via LDAP (only servers are vulnerable)
Information leaks via autocomplete
Information leaks accessible via JavaScript (i.e. user name)
HSTS fingerprinting
Exposure via WebRTC
Security threats:
Javascript exploits
Flash exploits
Java exploits
Silverlight exploits
PDF exploits against built-in PDF reader
Browser exploits which require no active scripting (very rare)
External application exploits launched via URI
Office document exploits using browser add-on to avoid user
interaction
XSS
Clickjacking
Cross-Site Request Forgery (CSRF)
TLS downgrade
TLS stripping (MITM)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16864>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs