[tor-bugs] #8725 [Applications/Tor Browser]: resource:// URIs leak information
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Jul 29 01:38:05 UTC 2016
#8725: resource:// URIs leak information
-------------------------------------------------+-------------------------
 Reporter:  holizz                               |  Owner:  tbb-team
     Type:  defect                               |  Status:  needs_review
 Priority:  Very High                            |  Milestone:
Component:  Applications/Tor Browser             |  Version:
 Severity:  Major                                |  Resolution:
 Keywords:  tbb-fingerprinting,                  |  Actual Points:
  tbb-rebase-regression, tbb-testcase,           |
  tbb-firefox-patch, TorBrowserTeam201607R       |
Parent ID:                                       |  Points:
 Reviewer:                                       |  Sponsor:
-------------------------------------------------+-------------------------
Comment (by yawning):
Replying to [comment:40 mikeperry]:
> 1. I think it *might* have been better to use http-on-modify-request
> here rather than both the content policy and the response listener, but
> you might also not have as much information there about the source content
> url. Maybe this doesn't matter so much, since what we really want is a
> direct Firefox patch. The extra observers will have a perf cost, though.
The CSP is required because `http-on-modify-request` events don't fire for
`resource://` urls, unfortunately.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8725#comment:41>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online