[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #7179 [EFF-HTTPS Everywhere]: Ths SSL Observatory feature leaks DNS requests without the TBB

To: undisclosed-recipients:;
Subject: [tor-bugs] #7179 [EFF-HTTPS Everywhere]: Ths SSL Observatory feature leaks DNS requests without the TBB
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Sun, 21 Oct 2012 19:05:14 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 21 Oct 2012 15:05:20 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#7179: Ths SSL Observatory feature leaks DNS requests without the TBB
----------------------------------+-----------------------------------------
 Reporter:  gk                    |          Owner:  pde
     Type:  defect                |         Status:  new
 Priority:  critical              |      Milestone:     
Component:  EFF-HTTPS Everywhere  |        Version:     
 Keywords:                        |         Parent:     
   Points:                        |   Actualpoints:     
----------------------------------+-----------------------------------------
 HTTPS-Everywhere is leaking DNS requests no matter whether I use Tor or
 not (but note that the TBB is not affected. See below for the reason). All
 tests were made in a clean new profile with FF 16.0.1 and HTTPS-E 3.0.2
 installed.

 The reason is that

 Ci.nsIProxyInfo.TRANSPARENT_PROXY_RESOLVES_HOST

 is _not_ enough to be sure to not leak DNS requests if you build your
 proxy settings manually and using applyFilter(). This is actually a
 Mozilla (Necko) bug documented here:

 https://bugzilla.mozilla.org/show_bug.cgi?id=536093

 The only workaround I am currently aware of is setting
 "network.dns.disablePrefetch" to |true|, a thing which is done in the TBB.
 Then there are no requests leaking.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7179>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #7179 [EFF-HTTPS Everywhere]: Ths SSL Observatory feature leaks DNS requests without the TBB
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #7179 [EFF-HTTPS Everywhere]: Ths SSL Observatory feature leaks DNS requests without the TBB
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #7179 [EFF-HTTPS Everywhere]: Ths SSL Observatory feature leaks DNS requests without the TBB
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #7179 [EFF-HTTPS Everywhere]: Ths SSL Observatory feature leaks DNS requests without the TBB
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #7179 [EFF-HTTPS Everywhere]: Ths SSL Observatory feature leaks DNS requests without the TBB
  - From: Tor Bug Tracker & Wiki

Prev by Author: [tor-bugs] #7178 [TorBrowserButton]: NoScript (2.5.7) "reset" in TBB (one result)
Next by Author: Re: [tor-bugs] #6613 [EFF-HTTPS Everywhere]: [CHROME] Abnormal CPU usage
Previous by thread: Re: [tor-bugs] #7178 [TorBrowserButton]: NoScript (2.5.7) "reset" button does not use TBB defaults (was: NoScript (2.5.7) "reset" in TBB (one result))
Next by thread: Re: [tor-bugs] #7179 [EFF-HTTPS Everywhere]: Ths SSL Observatory feature leaks DNS requests without the TBB
Index(es):
- Author
- Thread