[tor-commits] [tor-browser/tor-browser-24.2.0esr-1] fixup! Tor Browser's Firefox preference overrides.
mikeperry at torproject.org
mikeperry at torproject.org
Mon Feb 3 18:39:16 UTC 2014
commit 78b899e9e7b28cbe9cc5cc1976223b070acf4c22
Author: Mike Perry <mikeperry-git at torproject.org>
Date: Mon Feb 3 10:31:08 2014 -0800
fixup! Tor Browser's Firefox preference overrides.
Bug #10419: Websites should not be allowed to probe local ports, for
fingerprinting and local service vulnerability risks.
---
browser/app/profile/000-tor-browser.js | 1 +
1 file changed, 1 insertion(+)
diff --git a/browser/app/profile/000-tor-browser.js b/browser/app/profile/000-tor-browser.js
index 16928b3..93725ee 100644
--- a/browser/app/profile/000-tor-browser.js
+++ b/browser/app/profile/000-tor-browser.js
@@ -85,6 +85,7 @@ pref("network.http.spdy.enabled.v3", false); // Seems redundant, but just in cas
pref("network.proxy.socks", "127.0.0.1");
pref("network.proxy.socks_port", 9150);
pref("network.proxy.socks_remote_dns", true);
+pref("network.proxy.no_proxies_on", ""); // For fingerprinting and local service vulns (#10419)
pref("network.proxy.type", 1);
pref("network.security.ports.banned", "9050,9051,9150,9151");
pref("network.dns.disablePrefetch", true);
More information about the tor-commits
mailing list