[tor-bugs] #23686 [Applications/Tor Browser]: When "http://" is in front of a V3 link, Tor browser will search the text after "http://" on duckduckgo
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Sep 28 20:14:05 UTC 2017
#23686: When "http://" is in front of a V3 link, Tor browser will search the text
after "http://" on duckduckgo
------------------------------------------+----------------------
Reporter: Dbryrtfbcbhgf | Owner: tbb-team
Type: defect | Status: new
Priority: Immediate | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Critical | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------------------+----------------------
When "http://" is in front of a V3 link, Tor browser will search the
entire link on duckduckgo,
​copy and paste the link below straight into the Tor browser URL field and
click GO.
If the user is trying to keep their hidden service secret, this bug will
cause duckduckgo to see the unencrypted link, allowing attackers to easily
find their hidden service if DuckDuckGo is compromised.
http://ozmh2zkwx5cjuzopui64csb5ertcooi5vya6c2gm4e3vcvf2c2qvjiyd.onion
Tor Browser 7.5a5
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23686>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list