[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Security issue. Firefox in Tor Browser Bundle allows access to LAN resources. To fix: ABE of NoScript must be turn on by default



Le 21/01/2014 11:30, Yuri a écrit :
> 
> I just tried stock Firefox 26.0 version, and it doesn't allow loopback
> access (FreeBSD version). I don't have firewall. So it must be an issue
> with the earlier FF, or maybe with TBB modifications to it.
> Chrome-31 is also free of this problem.

Loopback (and LAN I bet) is accessible with TBB, FF and Chromium on
Linux (Ubuntu). Platform specific behaviors?

Anyway, the more I think about it, the more I see this as a TBB bug: TBB
is leaking non-Tor connections on client LAN.
As I understand it, current behavior is too clever and too liberal:
instead of allowing non-Tor connections to LAN hosts, supposedly because
they are safe, it should block them as a default.

--
Olivier

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk