[tor-bugs] #30981 [Applications]: Torbrowser/Torbirdy insecure settings
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jun 25 16:54:26 UTC 2019
#30981: Torbrowser/Torbirdy insecure settings
-----------------------------------+------------------------------
Reporter: cypherpunks | Owner: (none)
Type: enhancement | Status: new
Priority: High | Component: Applications
Version: | Severity: Critical
Keywords: certificates, history | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-----------------------------------+------------------------------
Described for Torbirdy, applicable in the same way to Torbrowser.
security.OCSP.enabled must be 0, after program restart 1
Leak of used https-certificates, also leak of certificates used to check
signatures of e-mails, thus history of used certificates (i.e. website,
signatures, keys, if tied to a certificate).
furthermore leak of fingerprint (in case of Torbirdy, should be secured
with Torbrowser)
Accept:
Accept-Language:
Accept-Encoding:
...
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30981>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list