[tor-bugs] #26456 [Applications/Tor Browser]: HTTP .onion sites inherit previous page's certificate information
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jun 21 23:40:15 UTC 2018
#26456: HTTP .onion sites inherit previous page's certificate information
------------------------------------------+--------------------------------
Reporter: pospeselr | Owner: pospeselr
Type: defect | Status: assigned
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Keywords:
| TorBrowserTeam201806
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------------------+--------------------------------
Seems to be an edge case from the #23247 patch. To reproduce:
- Navigate to a vanilla or .onion HTTPS site
- From same tab, navigate to a .onion HTTP site
The HTTP .onion will have the onion+lock icon, and the Page Info pane will
be full of the previous HTTPS site's certificate information.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26456>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list