[tbb-bugs] #16931 [Tor Browser]: Sanitize the add-on blocklist update URL
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Aug 31 05:13:28 UTC 2015
#16931: Sanitize the add-on blocklist update URL
-------------------------+--------------------------
Reporter: cypherpunks | Owner: tbb-team
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor Browser | Version:
Keywords: | Actual Points:
Parent ID: | Points:
-------------------------+--------------------------
The default value of the extensions.blocklist.url preference is
!https://blocklist.addons.mozilla.org/blocklist/3/%APP_ID%/%APP_VERSION%/%PRODUCT%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/%PING_COUNT%/%TOTAL_PING_COUNT%/%DAYS_SINCE_LAST_PING%/
and sends detailed information about the operating system to Mozilla.
However, Mozilla's list of blocked add-ons and certificates is not OS
specific, and updates just need
!https://blocklist.addons.mozilla.org/blocklist/3/%APP_ID%/%APP_VERSION%/
so that should be the default value of extensions.blocklist.url in Tor
Browser.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16931>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list