[tor-bugs] #18741 [Tor Browser]: OCSP and Favicon isolation is only partly working in ESR 45
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Apr 6 14:29:49 UTC 2016
#18741: OCSP and Favicon isolation is only partly working in ESR 45
-----------------------------+----------------------
Reporter: gk | Owner: tbb-team
Type: defect | Status: new
Priority: High | Milestone:
Component: Tor Browser | Version:
Severity: Major | Keywords: ff45-esr
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
-----------------------------+----------------------
We might need a fixup patch for our OCSP and Favicon isolation in ESR45.
If one takes `https://dist.torproject.org` as an example URL I can see
things like
{{{
[01-01 00:00] Torbutton INFO: tor SOCKS:
https://dist.torproject.org/favicon.ico via torproject.org:0
[01-01 00:00:00] Torbutton INFO: tor SOCKS:
https://dist.torproject.org/favicon.ico via --NoFirstPartyHost-chrome-
browser.xul--:0
}}}
and
{{{
[01-01 00:00:00] Torbutton INFO: tor SOCKS: http://ocsp.digicert.com/ via
torproject.org:0
[01-01 00:00:0] Torbutton INFO: tor SOCKS: http://ocsp.digicert.com/ via
--nofirstpartyhost-chrome-browser.xul--:0
}}}
in the log output. Note the differing `nofirstpartyhost-chrome-
browser.xul` and `Nofirstpartyhost-chrome-browser.xul`.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18741>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list