[tor-bugs] #18107 [Tor Browser]: Prevent automatic HTTP redirects
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Jan 20 05:04:08 UTC 2016
#18107: Prevent automatic HTTP redirects
-----------------------------+----------------------
Reporter: slycelote | Owner: tbb-team
Type: enhancement | Status: new
Priority: Medium | Milestone:
Component: Tor Browser | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Sponsor:
-----------------------------+----------------------
Apparently, at some point this feature was removed from Firefox. The
option "Advanced -> General -> Warn me when websites try to redirect"
doesn't seem to work. For example, this link redirects automatically:
http://bit.ly/M4DEDa
I think that automatic HTTP redirects are a potential attack vector. (See,
for example, [1]). Can the option to disable them be restored?
[1]
https://www.reddit.com/r/TOR/comments/41bfwq/tor_exits_can_strip_ssl_inject_malicious_js_then/
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18107>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list