[tor-talk] Thunderbird leak
Mike Cardwell
tor at lists.grepular.com
Sun Jan 26 15:06:53 UTC 2014
I just blogged about a general security issue in Thunderbird which may
also affect people who are using Tor:
https://grepular.com/Security_Bug_Thunderbird_Websites_Tabs
Basically, an email can be crafted such that when you click a link in
that email it is opened within a Thunderbird tab instead of in your
usual (potentially torified) web browser. Bypassing any other defenses
you might also have, including NoScript etc.
--
Mike Cardwell https://grepular.com/ http://cardwellit.com/
OpenPGP Key 35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 598 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20140126/e7172cfe/attachment.sig>
More information about the tor-talk
mailing list