[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #10419 [Firefox Patch Issues]: Can requests to 127.0.0.1 be used to fingerprint the browser?
#10419: Can requests to 127.0.0.1 be used to fingerprint the browser?
--------------------------------------+--------------------------------
Reporter: mikeperry | Owner: mikeperry
Type: task | Status: new
Priority: major | Milestone:
Component: Firefox Patch Issues | Version:
Resolution: | Keywords: tbb-fingerprinting
Actual Points: | Parent ID:
Points: |
--------------------------------------+--------------------------------
Comment (by oc):
Replying to [comment:9 gk]:
> Where is the breach, exactly? The design document says:
> {{{
> The browser MUST NOT bypass Tor proxy settings for any content.
> }}}
As I understand it, the idea behind "proxy obedience" is that ''all'' TBB
generated traffic (DNS, HTTP, whatever) must go through Tor: nothing must
be leaked. It is not (only) about verifying the socks proxy honors its
settings.
As it is, according to users reports TBB does not leak on FreeBSD, but
leaks on Linux (127.0.0.1) and Windows (LAN). Anyone can check this with
the above mentioned test page -- further reports are welcome.
If these reports are right:
* A remote server can discover what platform TBB is running on with at
most two JS-embedded XHRs.
* If there is a local web server with liberal CORS policies, the remote
server can browse it and exfiltrate its data.
* When XHRs fail because of CORS, it can be circumvented using other
resources: successfully retrieving an <img src=http://127.0.0.1:631/images
/cups-icon.png> will go around CUPS CORS policies.
I agree with you however that the security issue is not limited to proxy
obedience.
Replying to [comment:9 gk]:
> And including "127.0.0.1" into "content" does not make any sense here as
this would imply that TBB users could never access 127.0.0.1 themselves
Let's take it in reverse: why would anyone use TBB to browse localhost
exactly?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10419#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs