Re: [tor-bugs] #9901 [TorBrowserButton]: DoS of TBB 2.4/3.0 when no Content-Type header and more than 512 bytes of content are sent
#9901: DoS of TBB 2.4/3.0 when no Content-Type header and more than 512 bytes of
content are sent
----------------------------------+---------------------------
Reporter: sqrt2 | Owner: mikeperry
Type: defect | Status: reopened
Priority: normal | Milestone:
Component: TorBrowserButton | Version:
Resolution: | Keywords: tbb-usability
Actual Points: | Parent ID:
Points: |
----------------------------------+---------------------------
Comment (by mikeperry):
I think the right fix here is to remove external-app-blocker.js from
Torbutton, and patch the Firefox app launching code to emit our custom
confirmation dialog before actually launching the app (or create another
observer for this purpose).

Unfortunately, the external app launching code itself is a little hairy
and convoluted. The starting points are
nsExternalHelperAppService::DoContent() and
nsExternalHelperAppService::LoadURI(). It looks like there are still a few
entrypoints there to launch external apps that happen before Mozilla tries
to present their version of the app launch confirmation dialogs.
Unfortunately, some of these points may happen in what appears to be
compile-time generated C++ code.

I can also try to bring this to Mozilla's attention to see if they are
willing to write a proper fix themselves, since this silent app launching
behavior is a longstanding issue in their own confirmation dialog system.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9901#comment:74>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online