[tor-bugs] #22501 [Applications/Tor Browser]: Requests via javascript: violate FPI
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Sep 27 22:24:22 UTC 2017
#22501: Requests via javascript: violate FPI
-------------------------------------------------+-------------------------
Reporter: cypherpunks | Owner:
| pospeselr
Type: defect | Status:
| needs_review
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Major | Resolution:
Keywords: tbb-linkability, noscript, | Actual Points:
TorBrowserTeam201709R |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by pospeselr):
Confirmed, noscript.fixLinks now set to 'false' by default in Linux rbm
build, --unknown-- domain no longer sent when clicking links on provided
page, and URL redirect vulnerability no longer occurs when clicking on
javascript:XXX links.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22501#comment:17>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list