[tor-bugs] #20772 [Applications/Tor Browser]: src="data:< ; base64 images rendered when "Show images"="Blocked"
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Dec 2 00:16:04 UTC 2016
#20772: src="data:<;base64 images rendered when "Show images"="Blocked"
--------------------------------------+--------------------------
Reporter: cypherpunks | Owner: tbb-team
Type: defect | Status: assigned
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Major | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Changes (by cypherpunks):
* priority: Medium => High
* severity: Normal => Major
Comment:
Active SVG exploits targetting TBB in the wild;
https://blog.torproject.org/blog/tor-browser-607-released#comment-223692
Having an option to disable the image parser would allow mitigating future
image bugs during the time between discovery and the time it's patched and
users download the new version.
This applies to TBB proper, not just the exceptionally understaffed
derivatives (eg https://dev.guardianproject.info/issues/8039).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20772#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list