[tor-bugs] #18741 [Tor Browser]: OCSP and Favicon isolation is only partly working in ESR 45

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Apr 6 14:29:49 UTC 2016


#18741: OCSP and Favicon isolation is only partly working in ESR 45
-----------------------------+----------------------
     Reporter:  gk           |      Owner:  tbb-team
         Type:  defect       |     Status:  new
     Priority:  High         |  Milestone:
    Component:  Tor Browser  |    Version:
     Severity:  Major        |   Keywords:  ff45-esr
Actual Points:               |  Parent ID:
       Points:               |   Reviewer:
      Sponsor:               |
-----------------------------+----------------------
 We might need a fixup patch for our OCSP and Favicon isolation in ESR45.
 If one takes `https://dist.torproject.org` as an example URL I can see
 things like
 {{{
 [01-01 00:00] Torbutton INFO: tor SOCKS:
 https://dist.torproject.org/favicon.ico via torproject.org:0
 [01-01 00:00:00] Torbutton INFO: tor SOCKS:
 https://dist.torproject.org/favicon.ico via --NoFirstPartyHost-chrome-
 browser.xul--:0
 }}}
 and
 {{{
 [01-01 00:00:00] Torbutton INFO: tor SOCKS: http://ocsp.digicert.com/ via
 torproject.org:0
 [01-01 00:00:0] Torbutton INFO: tor SOCKS: http://ocsp.digicert.com/ via
 --nofirstpartyhost-chrome-browser.xul--:0
 }}}
 in the log output. Note the differing `nofirstpartyhost-chrome-
 browser.xul` and `Nofirstpartyhost-chrome-browser.xul`.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18741>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list