[tor-bugs] #26456 [Applications/Tor Browser]: HTTP .onion sites inherit previous page's certificate information

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Jun 21 23:40:15 UTC 2018


#26456: HTTP .onion sites inherit previous page's certificate information
------------------------------------------+--------------------------------
     Reporter:  pospeselr                 |      Owner:  pospeselr
         Type:  defect                    |     Status:  assigned
     Priority:  High                      |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Normal                    |   Keywords:
                                          |  TorBrowserTeam201806
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
------------------------------------------+--------------------------------
 Seems to be an edge case from the #23247 patch.  To reproduce:

  - Navigate to a vanilla or .onion HTTPS site
  - From same tab, navigate to a .onion HTTP site

 The HTTP .onion will have the onion+lock icon, and the Page Info pane will
 be full of the previous HTTPS site's certificate information.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26456>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list