[tor-bugs] #16840 [Tor Browser]: Introduce preference for controlling speculative pre-connections (Related to Tor Browser / present in Firefox)
#16840: Introduce preference for controlling speculative pre-connections (Related
to Tor Browser / present in Firefox)
---------------------------------------------+-----------------------------
Reporter: RickGeex_ | Owner: tbb-team
Type: defect | Status: new
Priority: major | Milestone:
Component: Tor Browser | Version: Tor: unspecified
Keywords: firefox, default, configuration |
Parent ID: | Actual Points:
| Points:
---------------------------------------------+-----------------------------
Introduce preference for controlling speculative pre-connections -
(original source - https://bugzilla.mozilla.org/show_bug.cgi?id=814169) is
'''also present in the Tor Browser Bundle'''
'''Yuri Khan '''2015-08-14 22:33:56 PDT
{{{
Hey,
here's a potential tracking scenario:
* Mallory has a database of unverified email addresses. He wants to know
which of them are read regularly.
* Mallory associates with each unverified email address a unique IPv6
address within his /64 network.
* Mallory sends each unverified recipient a message which consists of a
hyperlink to this unique IPv6 address, wrapped around a lot of text.
* Alice views this message in a web mail client in Firefox. She
inadvertently leaves the mouse in the area where the message is to be
displayed.
* Firefox speculatively connects to the address of the link.
* Mallory's router receives all connection attempts and logs destination
addresses.
* Because each recipient got a unique IPv6 address, Mallory marks Alice's
email address as verified.
}}}
(source: https://bugzilla.mozilla.org/show_bug.cgi?id=814169#c18)
This scenario is also exploitable in the Tor browser because the default
value of this API ('network.http.speculative-parallel-limit') is 6.
A fix to mitigate this problem is to set
'network.http.speculative-parallel-limit' to 0 by default.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16840>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
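
A check for the mitigation proposed in the ticket, as an added example that is not part of the original report or of Tor Browser's code: it reads a profile's prefs.js and user.js and reports whether the speculative connection limit is effectively 0. It assumes the usual `user_pref("name", value);` line syntax of those files; the function names and sample contents are hypothetical, and the default of 6 is the value stated in the ticket.

```python
import re
from pathlib import Path

PREF = "network.http.speculative-parallel-limit"
DEFAULT_LIMIT = 6  # default value as stated in the ticket

# Matches lines such as: user_pref("network.http.speculative-parallel-limit", 0);
# Lines commented out with // do not match because of the leading anchor.
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;', re.M)

def read_pref(text, name=PREF):
    """Return the last integer assigned to `name` in a prefs file, or None."""
    value = None
    for key, raw in PREF_RE.findall(text):
        if key == name and re.fullmatch(r"-?\d+", raw):
            value = int(raw)
    return value

def effective_limit(prefs_js="", user_js=""):
    """user.js is applied after prefs.js at startup, so it wins if both set it."""
    for text in (user_js, prefs_js):
        value = read_pref(text)
        if value is not None:
            return value
    return DEFAULT_LIMIT

def audit_profile(profile_dir):
    """Return (limit, mitigated) for a profile directory; missing files count as empty."""
    texts = []
    for fname in ("prefs.js", "user.js"):
        path = Path(profile_dir) / fname
        texts.append(path.read_text(encoding="utf-8", errors="replace")
                     if path.is_file() else "")
    limit = effective_limit(*texts)
    return limit, limit == 0  # mitigated only when the limit is exactly 0

# Constructed sample file contents (not taken from a real profile).
SAMPLE_PREFS_JS = 'user_pref("browser.startup.page", 0);\n'
SAMPLE_USER_JS = ('// hardening\n'
                  'user_pref("network.http.speculative-parallel-limit", 0);\n')

if __name__ == "__main__":
    print(effective_limit(SAMPLE_PREFS_JS, ""))              # pref not set
    print(effective_limit(SAMPLE_PREFS_JS, SAMPLE_USER_JS))  # mitigation applied
```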