[tbb-bugs] #22966 [Applications/Tor Browser]: Nasty MitM possibility with the Firefox blocklist service
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jul 18 19:38:34 UTC 2017
#22966: Nasty MitM possibility with the Firefox blocklist service
--------------------------------------+--------------------------
Reporter: basvd | Owner: tbb-team
Type: defect | Status: new
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Major | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by yawning):
Sigh. Per Mozilla's documentation this should not be happening, though at
this point I have no reason to doubt that it is.
https://www.mozilla.org/en-US/privacy/firefox/
> Add-ons Blocklist: Firefox contacts Mozilla once per day to check for
add-on information to check for malicious add-ons. This includes, for
example: browser version, OS and version, locale, total number of
requests, time of last request, time of day, IP address, and the list of
add-ons you have installed. You can turn off metadata updates at any time,
but it may leave you open to security vulnerabilities.
https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/
> 3. In the Filter text box, type extensions.getAddons.cache.enabled.
> 4. Double click the extensions.getAddons.cache.enabled item to turn it
from true to false
That pref is disabled by default in Tor Browser.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22966#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list