Torbutton 1.1.15-alpha has been released at https://torbutton.torproject.org/dev/. Those of you who installed Torbutton 1.1.14 should also be able to fetch the latest version now by simply clicking Find Updates in the addons window.

This release features a number of fixes for bugs discovered by Gregory Fleischer. Greg discovered a way to unmask the Javascript hooks for window.screen, window.history, window.Date and window.navigator. It is technically possible to use an unmasked window.history object in combination with an exploit for Firefox Bug 409737 to write Javascript that waits for Tor to be disabled to connect to a site via your IP.

The Date unmasking unfortunately has not been fixed due to idiosyncrasies with the way the Date class is implemented in the Firefox Javascript interpreter. This means it is possible for a malicious website or exit node to determine your timezone if they perform Greg's attack to unmask the original Date implementation from behind the hooks. It appears that the only way to fix this issue is to implement a fix for either Firefox Bug 392274 or 419598.

Here is the complete ChangeLog for 1.1.15:

  * bugfix: Fix hook unmasking of window.screen, window.history, and window.navigator discovered by Greg Fleischer. window.Date unmasking is still unfixed. window.history unmasking represents potential IP disclosure due to Firefox Bug 409737.
  * bugfix: Fix view-source extension disclosure bug found by Greg Fleischer.
  * bugfix: Fix javascript and about links. Found by Greg Fleischer.
  * new: Attempt to prevent window sizes from drifting during resize.

--
Mike Perry
Mad Computer Scientist
fscked.org evil labs