Re: [tor-bugs] #5477 [EFF-HTTPS Everywhere]: Surprising DOM origins before HTTPS-E/NoScript redirects have completed
#5477: Surprising DOM origins before HTTPS-E/NoScript redirects have completed
-------------------------------------+--------------------------------------
Reporter: Drugoy | Owner: ma1
Type: defect | Status: reopened
Priority: blocker | Milestone:
Component: EFF-HTTPS Everywhere | Version:
Resolution: | Keywords: MikePerry201204
Parent: | Points: 7
Actualpoints: 7 |
-------------------------------------+--------------------------------------
Comment(by mikeperry):
FTR: The behavior is quite different if you run
http://ww2.cs.mu.oz.au/~pde/bugs/5477-tst.html in Tor Browser. For me, the
url bar in the popup goes through three states:

 1. I click Demo, and the popup has a url of
    http://ww2.cs.mu.oz.au/~pde/bugs/5477-tst.html and the frogs popup appears
    immediately.
 2. A second goes by, and the url bar turns to https://www.apple.com, with
    the content of the popup still in place (yes this is bad, but keep
    reading)
 3. Another second or two goes by, and the redirect completes, and as far
    as I can tell, I'm now on the real https://www.apple.com url with valid
    content.

It's possible that when we tested this, step 2 happened very quickly for
us (perhaps because both Peter and I were testing the fix on vanilla
Firefox without Tor), and we didn't notice the interim state.

Am I seeing the same thing everyone else is seeing? Is the blocker that is
causing so many users to get hacked really this brief interim state in 2?
Because if so, I'm very surprised that so many users are getting hacked so
quickly.

Not that the brief interim state isn't something that should be prevented
if possible.. I'm just surprised at all the screaming. Seems a bit
unnecessary.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5477#comment:33>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online