[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #5477 [EFF-HTTPS Everywhere]: Surprising DOM origins before HTTPS-E/NoScript redirects have completed
#5477: Surprising DOM origins before HTTPS-E/NoScript redirects have completed
-------------------------------------+--------------------------------------
Reporter: Drugoy | Owner: ma1
Type: defect | Status: reopened
Priority: blocker | Milestone:
Component: EFF-HTTPS Everywhere | Version:
Resolution: | Keywords: MikePerry201204
Parent: | Points: 7
Actualpoints: 7 |
-------------------------------------+--------------------------------------
Comment(by mikeperry):
We've discovered that for some reason both codepaths of URL rewriting
(HTTPS.forceURI and HTTPS.replaceChannel) are applying to this PoC
exploit. That could explain the intermediate step 2, due to a race
condition between them. Next step is disabling each one and seeing what
the behavior is.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5477#comment:35>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs