[tbb-bugs] #8213 [Applications/Tor Browser]: spoof history.length - browser.sessionhistory.max_entries
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Dec 10 23:29:27 UTC 2019
#8213: spoof history.length - browser.sessionhistory.max_entries
--------------------------------------------+--------------------------
Reporter: proper | Owner: tbb-team
Type: defect | Status: new
Priority: Low | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-linkability, tbb-torbutton | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------------+--------------------------
Comment (by Thorin):
@gk
FWIW, `browser.sessionhistory.max_entries` has been broken since FF61, and
I will probably never get fixed - see
https://bugzilla.mozilla.org/show_bug.cgi?id=1511813
As for cross-origin linkability / privacy concerns: there shouldn't be
any: see
- https://developer.mozilla.org/en-US/docs/Web/API/History
- https://html.spec.whatwg.org/multipage/history.html
Suggest we close this, unless you can think of any XSS or other trickery
involved here
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8213#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list