[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #8725 [Applications/Tor Browser]: resource:// URIs leak information

Subject: Re: [tor-bugs] #8725 [Applications/Tor Browser]: resource:// URIs leak information
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 28 Jul 2016 22:04:07 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 28 Jul 2016 18:04:19 -0400
In-reply-to: <046.90a71378e1ba3b8b4dabb70bf7d17d5d@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <046.90a71378e1ba3b8b4dabb70bf7d17d5d@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#8725: resource:// URIs leak information
-------------------------------------------------+-------------------------
 Reporter:  holizz                               |          Owner:  tbb-
     Type:  defect                               |  team
 Priority:  Very High                            |         Status:
Component:  Applications/Tor Browser             |  needs_review
 Severity:  Major                                |      Milestone:
 Keywords:  tbb-fingerprinting, tbb-rebase-      |        Version:
  regression, tbb-testcase, tbb-firefox-patch,   |     Resolution:
  TorBrowserTeam201607R                          |  Actual Points:
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by mikeperry):

 * cc: boklm (added)


Comment:

 Couple points:

 1. I think it *might* have been better to use http-on-modify-request here
 rather than both the content policy and the response listener, but you
 might also not have as much information there about the source content
 url. Maybe this doesn't matter so much, since what we really want is a
 direct Firefox patch. The extra observers will have a perf cost, though.
 2. Given that we want to replace this by a direct patch, we should turn
 arthur's https://arthuredelstein.github.io/tordemos/resource-locale.html
 into a Tor Browser test of some kind to verify that future versions behave
 the same way. Boklm, can you handle that? Also, please add a test for
 https://trac.torproject.org/projects/tor/ticket/8725#comment:38 about the
 nested schemes. We should test that too.

 Otherwise, I think this is OK, and I agree it is an improvement. For now,
 I will merge this into the torbutton master branch for TBB 6.5-alpha,
 since it may shake a few more issues loose.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8725#comment:40>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #19468 [Core Tor/Tor]: Revise prop259 to fit the Tor networking API
Next by Author: [tor-bugs] #19590 [- Select a component]: dgsdgsd
Previous by thread: Re: [tor-bugs] #8725 [Applications/Tor Browser]: resource:// URIs leak information
Next by thread: Re: [tor-bugs] #8725 [Applications/Tor Browser]: resource:// URIs leak information
Index(es):
- Author
- Thread