[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #26451 [HTTPS Everywhere/EFF-HTTPS Everywhere]: HTTPS-Everywhere freezes the browser when entering URLS like ./a.



#26451: HTTPS-Everywhere freezes the browser when entering URLS like ./a.
-------------------------------------------------+-------------------------
     Reporter:  gk                               |      Owner:  legind
         Type:  defect                           |     Status:  new
     Priority:  High                             |  Milestone:
    Component:  HTTPS Everywhere/EFF-HTTPS       |    Version:
  Everywhere                                     |
     Severity:  Major                            |   Keywords:
Actual Points:                                   |  Parent ID:
       Points:                                   |   Reviewer:
      Sponsor:                                   |
-------------------------------------------------+-------------------------
 Starting with the latest HTTPS-Everywhere update (2018.6.13) the browser
 freezes when URLs like `./a.` are entered into the URL bar. davtur19
 reported this bug via our HackerOne bug bounty program to us and suggested
 that this is even exploitable by web content doing things like `<meta
 http-equiv="refresh" content="0;URL=http://./a.";>`

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26451>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs