[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #30427 [Applications/Tor Browser]: Tor Bowser locale can be detected with FTP

To: undisclosed-recipients: ;
Subject: [tor-bugs] #30427 [Applications/Tor Browser]: Tor Bowser locale can be detected with FTP
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 07 May 2019 11:54:05 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 07 May 2019 07:54:19 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#30427: Tor Bowser locale can be detected with FTP
------------------------------------------+--------------------------------
     Reporter:  gk                        |      Owner:  tbb-team
         Type:  defect                    |     Status:  new
     Priority:  High                      |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Normal                    |   Keywords:  tbb-fingerprinting
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
------------------------------------------+--------------------------------
 xiaoyinl reported on HackerOne that the Tor Browser locale can be detected
 with FTP:
 {{{
 If a visitor navigates to a directory on a FTP server, Tor Browser shows a
 page displaying the directory tree. However, the source code of this page
 is generated by Tor Browser, rather than the server, because an FTP server
 only sends file info and the browser displays it in a nice format.
 Moreover, the FTP directory page is localized, even if the user has chosen
 not to reveal his/her UI language, i.e. privacy.spoof_english == 2.
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30427>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #30166 [Applications/Tor Browser]: If custom bridges are specified, only use those bridges for connecting
Next by Author: Re: [tor-bugs] #30311 [Core Tor/Tor]: Maybe add HeaderLine to the bandwidth file specification
Previous by thread: [tor-bugs] #30426 [Applications/Tor Browser]: Include compile instructions in our tor-android-service repo
Next by thread: [tor-bugs] #30428 [Core Tor/Tor]: sendme: Failure to validate authenticated SENDMEs client side
Index(es):
- Author
- Thread