[tor-bugs] #20195 [Applications/Torbutton]: torbutton-torCheckService doesn't honor domain isolation.
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Sep 21 07:10:18 UTC 2016
#20195: torbutton-torCheckService doesn't honor domain isolation.
----------------------------------------+-----------------
Reporter: yawning | Owner:
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Torbutton | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
----------------------------------------+-----------------
The HTTPs request made to `check.torproject.org` as part of startup
doesn't use domain isolation at all.
How to reproduce:
1. Monitor the SOCKS traffic (or circuit list).
2. Start Tor Browser, get to the `about:tor` page.
3. Gasp in horror.
Tested with 6.0.5.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20195>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list