[tor-bugs] #24553 [Applications/Tor Browser]: Re-enable Alternate Services
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Dec 7 19:58:24 UTC 2017
#24553: Re-enable Alternate Services
------------------------------------------+----------------------
Reporter: arthuredelstein | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Keywords: ff59-esr
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------------------+----------------------
Mozilla patched Alternate Services (Alt-Svc) to have first-party
isolation:
https://bugzilla.mozilla.org/1334690, effective Firefox 54. We disabled
Alt-Svc , but in TBB/ESR59 we can potentially re-enable it.
We also need to examine if there are other related headers or mechanisms
that could act as supercookie vectors. (Patrick McManus mentioned alt-used
as a possibility.) If there are, then those need to be isolated as well.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24553>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list