[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #5742 [Firefox Patch Issues]: Verify image cache url isolation

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #5742 [Firefox Patch Issues]: Verify image cache url isolation
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Wed, 02 May 2012 21:11:21 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 02 May 2012 17:11:32 -0400
In-reply-to: <049.c5eed10094be76fefceb5f26ac4f7cbc@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bug tracker status mails <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <049.c5eed10094be76fefceb5f26ac4f7cbc@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#5742: Verify image cache url isolation
----------------------------------+-----------------------------------------
 Reporter:  mikeperry             |          Owner:  mikeperry
     Type:  task                  |         Status:  new      
 Priority:  major                 |      Milestone:           
Component:  Firefox Patch Issues  |        Version:           
 Keywords:                        |         Parent:           
   Points:                        |   Actualpoints:           
----------------------------------+-----------------------------------------

Comment(by gk):

 Your suspicion seems to be correct :(.

 My test setup and results:

 I used a simple html file containing the Google image mentioned in #5715
 and the latest TBB (otherwise I had to patch the JonDoFox-JS as well as we
 currently avoid the cache for all 3rd party requests) on Linux. The file
 was hosted on svn.jondos.de and on anonymous-proxy-servers.net. After
 clearing the cache I loaded the file on svn.jondos.de in the first tab and
 afterwards the file on anonymous-proxy-servers.net in the second tab.
 about:cache showed me only the image cache entry with the svn.jondos.de
 domain. I repeated the same experiment and looked at the request/response
 headers as well. about:cache gave me the same results. Additionally, the
 captured headers showed no request for the image in tab 2. Therefore, I
 would conclude that the cached image is indeed used despite being loaded
 by a different domain.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5742#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #5742 [Firefox Patch Issues]: Verify image cache url isolation
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #5741 [Tor bundles/installation]: TBB proxy bypass: Some DNS requests not going through Tor
Next by Author: Re: [tor-bugs] #5742 [Firefox Patch Issues]: Fix image cache url isolation (was: Verify image cache url isolation)
Previous by thread: [tor-bugs] #5742 [Firefox Patch Issues]: Verify image cache url isolation
Next by thread: Re: [tor-bugs] #5742 [Firefox Patch Issues]: Fix image cache url isolation (was: Verify image cache url isolation)
Index(es):
- Author
- Thread