[tor-bugs] #6735 [Firefox Patch Issues]: TBB-Firefox leaks the OS and kernel version to Mozilla update servers
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Fri Aug 31 00:21:57 UTC 2012
#6735: TBB-Firefox leaks the OS and kernel version to Mozilla update servers
----------------------------------+-----------------------------------------
Reporter: rransom | Owner: mikeperry
Type: defect | Status: new
Priority: major | Milestone:
Component: Firefox Patch Issues | Version:
Keywords: tbb-fingerprinting | Parent:
Points: | Actualpoints:
----------------------------------+-----------------------------------------
Changes (by mikeperry):
* keywords: => tbb-fingerprinting
Comment:
If this is indeed the current OS kernel rather than the build machine
kernel, this information might be sufficient for Mozilla to be coerced to
mount targeted attacks against certain Tor users. It might also be
sufficient to fingerprint the number of bytes on the wire at the exit
node, should an update request happen to be concurrent with other traffic.
Hard to say that this scenario is worse than the other 14 other
fingerprinting bugs we needed to fix yesterday. I think it's probably not,
but I'll tag it as tbb-fingerprinting anyway.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6735#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list