[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #30657 [Applications/Tor Browser]: Tor Browser locale is leaked via title of link tag on non-html page

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #30657 [Applications/Tor Browser]: Tor Browser locale is leaked via title of link tag on non-html page
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Sat, 20 Jul 2019 23:37:22 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 20 Jul 2019 19:37:33 -0400
In-reply-to: <042.8cab14d7112dc5d7715e89f1be161cc5@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <042.8cab14d7112dc5d7715e89f1be161cc5@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#30657: Tor Browser locale is leaked via title of link tag on non-html page
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:  new
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-fingerprinting-locale, ff68      |  Actual Points:
  -esr-will-have                                 |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by Thorin):

 The error is 68+ is

 Security Error: Content at
 `https://people.torproject.org/~gk/tests/test.txt` may not load or link to
 `resource://content-accessible/plaintext.css`.

 If I'm following this correctly:
 - 57+ https://bugzilla.mozilla.org/show_bug.cgi?id=863246 - blocked
 `resource://URIs` (yay!)
 - 57+ https://bugzilla.mozilla.org/show_bug.cgi?id=1395486 - they allowed
 plaintext.css in 57+ as a regression from 863246 (boo!)
 - 68+ https://bugzilla.mozilla.org/show_bug.cgi?id=1514655 - and now
 they've closed it down again (yay!)

 However, the last bugzilla is `css, enhancement`: and I wouldn't be
 surprised if it got reverted again. IDK, I just want to make sure that's
 it's a permanent solution

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30657#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #31206 [Applications/Tor Browser]: http://ip-check.info detects browser window size with JS disabled
Next by Author: Re: [tor-bugs] #31170 [Circumvention/Snowflake]: Addon Icon looks horrible Firefox Dark Mode.
Previous by thread: Re: [tor-bugs] #12399 [Core Tor/Tor]: "Hash of session info was not as expected" should be log_protocol_warn
Next by thread: [tor-bugs] #31209 [Applications/Tor Browser]: View PDF in Tor browser is fuzzy
Index(es):
- Author
- Thread