[tor-bugs] #27672 [Applications/Tor Browser]: User-agent OS info leak

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Sep 12 19:43:32 UTC 2018


#27672: User-agent OS info leak
------------------------------------------+----------------------
     Reporter:  time_attacker             |      Owner:  tbb-team
         Type:  defect                    |     Status:  new
     Priority:  Immediate                 |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Blocker                   |   Keywords:
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
------------------------------------------+----------------------
 Tor Browser 8.0 on Linux has user-agent
 Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0

 I also suspect Windows/MacOS version is leaked through UA. This behavior
 can aid fingerprinting or vulnerability exploitation.

 Tor Browser 7.x.x and before had one single Windows user-agent even on
 Linux platforms, only Android (Orfox) had other UA.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27672>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list