[tbb-bugs] #10467 [Applications/Tor Browser]: URLs are leaked to third party if they contain typos
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Sep 30 22:13:31 UTC 2018
#10467: URLs are leaked to third party if they contain typos
--------------------------------------+--------------------------
Reporter: torar | Owner: tbb-team
Type: defect | Status: new
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Major | Resolution:
Keywords: tbb-firefox-patch | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by janbhez):
== Solution:
Disable searching in the URL field. We have a separate search field for
searching.
== Details:
In about:config set the keyword.enabled preference to false.
This disables "Address Bar Search" and prevents sending mistyped addresses
to the site specified in keyword.URL (the keyword.URL preference used to
define the default search engine URL), while also preventing DNS lookups for
single-word and URL-like searches.
== Examples ([leak: ...] marks indicate unintended leaks):
* User intends to open a URL with a typo, keyword.enabled = true
  https;//www.wikipedia.org with (semicolon)(slash)(slash) is a valid URL
  (RFC 3986, https://www.ietf.org/rfc/rfc3986.txt). Tor Browser prefixes it
  with the default protocol, tries to resolve https; and opens
  http://https;//www.wikipedia.org. If it fails, [leak: Tor Browser follows
  up by searching https;//www.wikipedia.org with the default search engine.]
* User intends to open a URL with a typo, keyword.enabled = false
  https;//www.wikipedia.org with (semicolon)(slash)(slash) is a valid URL.
  Tor Browser prefixes it with the default protocol, tries to resolve https;
  and opens http://https;//www.wikipedia.org. If it fails, Tor Browser
  displays an error: "We can't connect to the server at https;."
* User intends to open a URL with a typo, keyword.enabled = true
  https::/www.wikipedia.org with (colon)(colon)(slash) is an invalid URL.
  [leak: Tor Browser follows up by searching https::/www.wikipedia.org with
  the default search engine.]
* User intends to open a URL with a typo, keyword.enabled = false
  https::/www.wikipedia.org with (colon)(colon)(slash) is an invalid URL.
  Tor Browser displays an error: "Hmm. That address doesn't look right."
* User intends to search "cat" in the address bar, keyword.enabled = true
  cat is a valid URL. Tor Browser prefixes it with the default protocol,
  [leak: tries to resolve cat] and opens http://cat. If it fails, Tor
  Browser follows up by searching cat with the default search engine.
* User intends to search "cat" in the address bar, keyword.enabled = false
  cat is a valid URL. Tor Browser prefixes it with the default protocol,
  [leak: tries to resolve cat] and opens http://cat. If it fails, Tor
  Browser displays an error: "We can't connect to the server at cat."
* User intends to search "cat dog" in the address bar, keyword.enabled = true
  cat dog is an invalid URL. Tor Browser follows up by searching cat dog
  with the default search engine.
* User intends to search "cat dog" in the address bar, keyword.enabled = false
  cat dog is an invalid URL. Tor Browser displays an error: "Hmm. That
  address doesn't look right."
* User intends to search "3.14" in the address bar, keyword.enabled = true
  3.14 is a valid URL. Tor Browser prefixes it with the default protocol and
  [leak: tries to open http://3.0.0.14]. If it fails, Tor Browser follows up
  by searching 3.14 with the default search engine.
* User intends to search "3.14" in the address bar, keyword.enabled = false
  3.14 is a valid URL. Tor Browser prefixes it with the default protocol and
  [leak: tries to open http://3.0.0.14]. If it fails, Tor Browser displays
  an error: "We can't connect to the server at 3.0.0.14."
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10467#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
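The comment above lists, case by case, what Tor Browser does with each address-bar string once the default protocol is prefixed. The following is an added example, not code from the ticket or from Tor Browser: it uses Node's built-in WHATWG URL parser as an approximation of that "prefix the default protocol, then parse" step, so a practitioner can check which host name a typo would hand to the resolver (the DNS side of the leak) and which strings fail to parse and so, with keyword.enabled = true, go straight to the search engine. The choice of http:// as the default protocol, the function names and the leak categories are assumptions made for the example; Firefox's own URI-fixup code is separate and may differ in corner cases. It reproduces the two parser behaviours the comment relies on: a semicolon is accepted inside a host name, so https;//www.wikipedia.org yields the host https;, and the numeric string 3.14 is parsed as an IPv4 address and normalized to 3.0.0.14.

```javascript
// Added example, not code from ticket #10467 or from Tor Browser.
// Approximates the "prefix the default protocol, then parse" step the
// comment describes, using Node's WHATWG URL parser. Firefox's URI fixup
// is separate code and may differ in corner cases.
const DEFAULT_SCHEME = "http://"; // assumption: the "default protocol" is http

// Returns the host name the browser would try to resolve for an address-bar
// string, or null when the prefixed string is not a parseable URL.
function fixupHost(input) {
  const hasScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(input);
  const candidate = hasScheme ? input : DEFAULT_SCHEME + input;
  try {
    // WHATWG parsing: "https;" is an acceptable host, "3.14" becomes the
    // IPv4 address 3.0.0.14, a space or a second ":" in the authority fails.
    return new URL(candidate).hostname || null;
  } catch (_err) {
    return null;
  }
}

// Models the two leak channels from the comment's examples (assumed names):
//   dnsHost      - name handed to the resolver, or null if nothing is looked up
//   searchEngine - when the raw typed string reaches the default search engine:
//                  "immediately" (unparseable input, keyword.enabled = true),
//                  "on-failure"  (parseable input, keyword.enabled = true,
//                                 and the connection to dnsHost fails),
//                  "never"       (keyword.enabled = false: an error page instead)
function leakReport(input, keywordEnabled) {
  const dnsHost = fixupHost(input);
  let searchEngine = "never";
  if (keywordEnabled) {
    searchEngine = dnsHost === null ? "immediately" : "on-failure";
  }
  return { input, dnsHost, searchEngine };
}

// The inputs from the comment, run under both settings.
const INPUTS = [
  "https;//www.wikipedia.org", // typo: semicolon instead of colon
  "https::/www.wikipedia.org", // typo: doubled colon
  "cat",                       // single word
  "cat dog",                   // two words
  "3.14",                      // number that parses as an IPv4 address
];

for (const keywordEnabled of [true, false]) {
  for (const input of INPUTS) {
    console.log(`keyword.enabled=${keywordEnabled}`, leakReport(input, keywordEnabled));
  }
}
```

Run it with `node` to print the table for both settings. The part worth verifying locally is `fixupHost`: with keyword.enabled = false the browser still performs a DNS lookup for every input that parses, so the strings it returns a host for are the ones the resolver (and, over Tor, the exit relay's DNS) still sees.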