[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor-browser] branch tor-browser-102.4.0esr-12.0-1 updated: fixup! Bug 40562: Added Tor-related preferences to 000-tor-browser.js



This is an automated email from the git hooks/post-receive script.

richard pushed a commit to branch tor-browser-102.4.0esr-12.0-1
in repository tor-browser.

The following commit(s) were added to refs/heads/tor-browser-102.4.0esr-12.0-1 by this push:
     new 836aa1709778 fixup! Bug 40562: Added Tor-related preferences to 000-tor-browser.js
836aa1709778 is described below

commit 836aa1709778a37390a9977123700818d8026656
Author: Richard Pospesel <richard@xxxxxxxxxxxxxx>
AuthorDate: Wed Oct 26 16:28:52 2022 +0000

    fixup! Bug 40562: Added Tor-related preferences to 000-tor-browser.js
    
    Bug 41317: Tor Browser leaks banned ports in network.security.ports.banned
---
 browser/app/profile/000-tor-browser.js | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/browser/app/profile/000-tor-browser.js b/browser/app/profile/000-tor-browser.js
index 65d6bc26a8b9..be6473555aa2 100644
--- a/browser/app/profile/000-tor-browser.js
+++ b/browser/app/profile/000-tor-browser.js
@@ -23,7 +23,10 @@ pref("network.proxy.allow_hijacking_localhost", true); // Allow proxies for loca
 pref("network.proxy.type", 1);
 // Bug 40548: Disable proxy-bypass
 pref("network.proxy.failover_direct", false);
-pref("network.security.ports.banned", "9050,9051,9150,9151");
+// localhost is already blocked by setting `network.proxy.allow_hijacking_localhost` to
+// true, allowing users to explicitly block ports makes them fingerprintable; for details, see
+// Bug 41317: Tor Browser leaks banned ports in network.security.ports.banned
+pref("network.security.ports.banned", "", locked);
 pref("network.dns.disabled", true); // This should cover the #5741 patch for DNS leaks
 pref("network.http.max-persistent-connections-per-proxy", 256);
 

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits