[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #9901 [TorBrowserButton]: DoS of TBB 2.4/3.0 when no Content-Type header and more than 512 bytes of content are sent



#9901: DoS of TBB 2.4/3.0 when no Content-Type header and more than 512 bytes of
content are sent
----------------------------------+---------------------------
     Reporter:  sqrt2             |      Owner:  mikeperry
         Type:  defect            |     Status:  reopened
     Priority:  normal            |  Milestone:
    Component:  TorBrowserButton  |    Version:
   Resolution:                    |   Keywords:  tbb-usability
Actual Points:                    |  Parent ID:
       Points:                    |
----------------------------------+---------------------------

Comment (by mikeperry):

 I think the right fix here is to remove external-app-blocker.js from
 Torbutton, and patch the Firefox app launching code to emit our custom
 confirmation dialog before actually launching the app (or create another
 observer for this purpose).

 Unfortunately, the external app launching code itself is a little hairy
 and convoluted. The starting points are
 nsExternalHelperAppService::DoContent() and
 nsExternalHelperAppService::LoadURI(). It looks like there are still a few
 entrypoints there to launch external apps that happen before Mozilla tries
 to present their version of the app launch confirmation dialogs.
 Unfortunately, some of these points may happen in what appears to be
 compile-time generated C++ code.

 I can also try to bring this to Mozilla's attention to see if they are
 willing to write a proper fix themselves, since this silent app launching
 behavior is a longstanding issue in their own confirmation dialog system.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9901#comment:74>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs