Re: [tor-bugs] #10467 [Applications/Tor Browser]: URLs are leaked to third party if they contain typos
#10467: URLs are leaked to third party if they contain typos
--------------------------------------+--------------------------
Reporter: torar | Owner: tbb-team
Type: defect | Status: new
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Major | Resolution:
Keywords: tbb-firefox-patch | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by janbhez):
== Solution:

Disable searching in the URL field. We have a separate search field for
searching.

== Details:

In about:config set the keyword.enabled preference to false.

This disables "Address Bar Search" and prevents sending mistyped addresses
to the site specified in keyword.URL (the keyword.URL preference used to
define the default search engine URL), while also preventing DNS lookups
for single-word and URL-like searches.

== Examples (bracketed [leak: ...] spans indicate unintended leaks):

* User intends to open a URL with a typo, keyword.enabled = true
  "https;//www.wikipedia.org" with (semicolon)(slash)(slash) is a valid URL
  (RFC 3986, https://www.ietf.org/rfc/rfc3986.txt). Tor Browser prefixes
  it with the default protocol, tries to resolve "https;" and open
  "http://https;//www.wikipedia.org". If it fails, [leak: Tor Browser
  follows up searching "https;//www.wikipedia.org" with the default search
  engine.]

* User intends to open a URL with a typo, keyword.enabled = false
  "https;//www.wikipedia.org" with (semicolon)(slash)(slash) is a valid
  URL. Tor Browser prefixes it with the default protocol, tries to resolve
  "https;" and open "http://https;//www.wikipedia.org". If it fails, Tor
  Browser displays an error: "We can’t connect to the server at https;."

* User intends to open a URL with a typo, keyword.enabled = true
  "https::/www.wikipedia.org" with (colon)(colon)(slash) is an invalid URL.
  [leak: Tor Browser follows up searching "https::/www.wikipedia.org" with
  the default search engine.]

* User intends to open a URL with a typo, keyword.enabled = false
  "https::/www.wikipedia.org" with (colon)(colon)(slash) is an invalid URL.
  Tor Browser displays an error: "Hmm. That address doesn’t look right."

* User intends to search "cat" in the address bar, keyword.enabled = true
  "cat" is a valid URL. Tor Browser prefixes it with the default protocol,
  [leak: tries to resolve "cat"] and open "http://cat". If it fails, Tor
  Browser follows up searching "cat" with the default search engine.

* User intends to search "cat" in the address bar, keyword.enabled = false
  "cat" is a valid URL. Tor Browser prefixes it with the default protocol,
  [leak: tries to resolve "cat"] and open "http://cat". If it fails, Tor
  Browser displays an error: "We can’t connect to the server at cat."

* User intends to search "cat dog" in the address bar,
  keyword.enabled = true
  "cat dog" is an invalid URL. Tor Browser follows up searching "cat dog"
  with the default search engine.

* User intends to search "cat dog" in the address bar,
  keyword.enabled = false
  "cat dog" is an invalid URL. Tor Browser displays an error: "Hmm. That
  address doesn’t look right."

* User intends to search "3.14" in the address bar, keyword.enabled = true
  "3.14" is a valid URL. Tor Browser prefixes it with the default protocol,
  [leak: tries to open "http://3.0.0.14"]. If it fails, Tor Browser follows
  up searching "3.14" with the default search engine.

* User intends to search "3.14" in the address bar, keyword.enabled = false
  "3.14" is a valid URL. Tor Browser prefixes it with the default protocol,
  [leak: tries to open "http://3.0.0.14"]. If it fails, Tor Browser
  displays an error: "We can’t connect to the server at 3.0.0.14."
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10467#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
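To make the decision tree in the comment above concrete, here is an added Python model (not Tor Browser's or Firefox's own code) that reproduces, for each of the comment's example inputs, what the comment says happens: whether the text parses as a URL, which hostname would be resolved, and whether the text is handed to the default search engine or an error page is shown, under both settings of keyword.enabled. The model follows the comment's examples rather than its Details paragraph (so the DNS lookup for a single word is still reported with keyword.enabled = false), assumes every connection attempt fails as the examples do, and uses two approximations of the browser's URL fixup that are mine, not Mozilla's: a hostname is "valid" if it fits the RFC 3986 reg-name character set (so "https;" passes and ":" does not), and an all-numeric host is expanded with classic inet_aton dotted shorthand ("3.14" becomes "3.0.0.14"). The error strings are the comment's, written with a straight apostrophe.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Hypothetical model of the address-bar behaviour described in the ticket
# comment; NOT Tor Browser / Firefox code. Hostname validity is approximated
# with the RFC 3986 reg-name character set, and numeric hosts are expanded
# with the classic inet_aton dotted shorthand ("3.14" -> "3.0.0.14").
SCHEME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*:")
REG_NAME_RE = re.compile(r"^[A-Za-z0-9._~!$&'()*+,;=%-]+$")

HMM_ERROR = "Hmm. That address doesn't look right."
CONNECT_ERROR = "We can't connect to the server at {}."


@dataclass(frozen=True)
class Outcome:
    url_tried: Optional[str]     # URL the browser attempts to open, if any
    dns_lookup: Optional[str]    # hostname that would be resolved (None for IPs)
    search_query: Optional[str]  # text handed to the default search engine
    error: Optional[str]         # error page shown instead

    def leaks(self) -> List[str]:
        """Which parties learn the typed text: the resolver and/or the search engine."""
        return [name for name, value in (("dns", self.dns_lookup),
                                         ("search", self.search_query)) if value]


def ipv4_shorthand(host: str) -> Optional[str]:
    """Expand inet_aton-style dotted shorthand; None if host is not numeric."""
    parts = host.split(".")
    if len(parts) > 4 or not all(p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    head, last = nums[:-1], nums[-1]
    # The last number fills all remaining bytes, so its range depends on the count.
    if any(n > 255 for n in head) or last >= 1 << (8 * (4 - len(head))):
        return None
    value = last
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return ".".join(str((value >> shift) & 255) for shift in (24, 16, 8, 0))


def address_bar(typed: str, keyword_enabled: bool) -> Outcome:
    """Model what happens to text typed in the address bar. The connection
    attempt is assumed to fail, as in every example in the comment."""
    text = typed.strip()
    match = SCHEME_RE.match(text)
    if match:
        scheme, rest = text[:match.end() - 1].lower(), text[match.end():]
        if rest.startswith("//"):
            rest = rest[2:]
    else:
        scheme, rest = "http", text  # the default protocol is prefixed
    host, sep, tail = rest.partition("/")
    path = sep + tail

    if not REG_NAME_RE.match(host):
        # Not a URL at all: either a search (leak) or the "Hmm" error page.
        if keyword_enabled:
            return Outcome(None, None, text, None)
        return Outcome(None, None, None, HMM_ERROR)

    ip = ipv4_shorthand(host)
    target = ip or host
    url = f"{scheme}://{target}{path}"
    dns = None if ip else host  # a literal IP needs no lookup
    if keyword_enabled:
        # A failed connection falls through to the search engine.
        return Outcome(url, dns, text, None)
    return Outcome(url, dns, None, CONNECT_ERROR.format(target))


if __name__ == "__main__":
    # Constructed input list mirroring the comment's examples.
    for typed in ("https;//www.wikipedia.org", "https::/www.wikipedia.org",
                  "cat", "cat dog", "3.14"):
        for enabled in (True, False):
            o = address_bar(typed, enabled)
            print(f"{typed!r:30} keyword.enabled={enabled!s:5} leaks={o.leaks()}")
```

Running the block prints one line per input and setting; the `leaks()` list is the part worth reading, since it shows that keyword.enabled = false removes the search-engine leak in every case but, per the comment's own examples, does not by itself stop the lookup of a single word such as "cat".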
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs