[tbb-bugs] #8725 [Tor Browser]: resource:// URIs leak information
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Mar 14 11:10:48 UTC 2016
#8725: resource:// URIs leak information
-------------------------------------------------+-------------------------
Reporter: holizz                                 | Owner: tbb-team
Type: defect                                     | Status: new
Priority: Very High                              | Milestone:
Component: Tor Browser                           | Version:
Severity: Major                                  | Resolution:
Keywords: tbb-fingerprinting,                    | Actual Points:
  tbb-rebase-regression, tbb-testcase,           |
  tbb-firefox-patch                              |
Parent ID:                                       | Points:
Reviewer:                                        | Sponsor:
-------------------------------------------------+-------------------------
Comment (by cypherpunks):
Can you ask Mozilla to change exposing `resource://` URIs to be opt-in for
each extension via manifests (because some non-TBB extensions need it) and
eliminate `resource://` exposure in Firefox core? This is important
upstream too. It is actually one of the most critical holes in Firefox
(now with `Components` deprecated in Web). TBB's OS mangling is only
half-baked with this problem unresolved. So each anonymity set is quite a
bit smaller than imagined.
https://bugzilla.mozilla.org/show_bug.cgi?id=863246 is inactive now. It
seems '''we need more attention from Mozilla'''.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8725#comment:18>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online