Re: [tor-bugs] #30657 [Applications/Tor Browser]: Tor Browser locale is leaked via title of link tag on non-html page

[Tor Bug Tracker & Wiki]

#30657: Tor Browser locale is leaked via title of link tag on non-html page
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  closed
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  tbb-fingerprinting-locale, ff68  |  Actual Points:
  -esr-will-have |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor44-can
-+-
Changes (by gk):

 * status:  new => closed
 * resolution:   => fixed


Comment:

 9.0a6, which is about to get built, is based on ESR 68, so closing.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30657 [Applications/Tor Browser]: Tor Browser locale is leaked via title of link tag on non-html page

[Tor Bug Tracker & Wiki]

#30657: Tor Browser locale is leaked via title of link tag on non-html page
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-fingerprinting-locale, ff68  |  Actual Points:
  -esr-will-have |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by Thorin):

 The error is 68+ is

 Security Error: Content at
 `https://people.torproject.org/~gk/tests/test.txt` may not load or link to
 `resource://content-accessible/plaintext.css`.

 If I'm following this correctly:
 - 57+ https://bugzilla.mozilla.org/show_bug.cgi?id=863246 - blocked
 `resource://URIs` (yay!)
 - 57+ https://bugzilla.mozilla.org/show_bug.cgi?id=1395486 - they allowed
 plaintext.css in 57+ as a regression from 863246 (boo!)
 - 68+ https://bugzilla.mozilla.org/show_bug.cgi?id=1514655 - and now
 they've closed it down again (yay!)

 However, the last bugzilla is `css, enhancement`: and I wouldn't be
 surprised if it got reverted again. IDK, I just want to make sure that's
 it's a permanent solution

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30657 [Applications/Tor Browser]: Tor Browser locale is leaked via title of link tag on non-html page

[Tor Bug Tracker & Wiki]

#30657: Tor Browser locale is leaked via title of link tag on non-html page
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-fingerprinting-locale, ff68  |  Actual Points:
  -esr-will-have |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * keywords:  tbb-fingerprinting-locale => tbb-fingerprinting-locale, ff68
 -esr-will-have


Comment:

 Replying to [comment:2 Thorin]:
 > FWIW: this behavior (or at least the PoC) stopped working as of FF68+,
 so you should be good to go in the next ESR cycle. It returns a blank.

 Interesting, I wonder what bugfix on Mozilla's side is responsible for
 that...

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30657 [Applications/Tor Browser]: Tor Browser locale is leaked via title of link tag on non-html page

[Tor Bug Tracker & Wiki]

#30657: Tor Browser locale is leaked via title of link tag on non-html page
---+--
 Reporter:  gk |  Owner:  tbb-team
 Type:  defect | Status:  new
 Priority:  High   |  Milestone:
Component:  Applications/Tor Browser   |Version:
 Severity:  Normal | Resolution:
 Keywords:  tbb-fingerprinting-locale  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+--

Comment (by Thorin):

 FWIW: this behavior (or at least the PoC) stopped starting with FF68, so
 you should be good to go in the next ESR cycle

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30657 [Applications/Tor Browser]: Tor Browser locale is leaked via title of link tag on non-html page (was: Tor Browser locale is leaked via title of link tag on 404 error page)

[Tor Bug Tracker & Wiki]

#30657: Tor Browser locale is leaked via title of link tag on non-html page
---+--
 Reporter:  gk |  Owner:  tbb-team
 Type:  defect | Status:  new
 Priority:  High   |  Milestone:
Component:  Applications/Tor Browser   |Version:
 Severity:  Normal | Resolution:
 Keywords:  tbb-fingerprinting-locale  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+--
Description changed by gk:

Old description:

> ryotak reported via our HackerOne bug bounty program that the Tor Browser
> locale is leaked via the title of link tag on 404 error page.
>
> For a test ryotak came up with see:
> https://people.torproject.org/~gk/tests/tor_plaintext_locale_leak.html.

New description:

 ryotak reported via our HackerOne bug bounty program that the Tor Browser
 locale is leaked via the title of the link tag on any non-html page.

 For a test ryotak came up with see:
 https://people.torproject.org/~gk/tests/tor_plaintext_locale_leak.html.

--

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs