#25737: Tor Browser's update check bypassed Tor once on macos, because of 
 Reporter:  cypherpunks               |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:

Comment (by mcs):

 Replying to [comment:10 cypherpunks]:
 > Sorry for my delay, I had to ask the network administrator: the logs and
 cache contain an entry for `aus1.torproject.org`.

 To add to gk's questions: does the presence of `aus1.torproject.org` in
 your log mean that something did a DNS lookup on that name? I assume so,
 which means the leaked request was an application update request.

 There are at least three possible explanations for the request you saw:
 1. At some point in the past, the default browser proxy preferences were
 modified. Then you started Tor Browser and an application update request
 was sent before the settings were reset to the correct values (which
 Torbutton does during application startup in conjunction with Tor
 Launcher). I think this scenario might occur if transproxy mode was
 enabled at some prior time.
 2. There is a bug in Torbutton or Tor Launcher which temporarily caused
 the wrong proxy settings to be configured. Looking at the code, I do not
 see such a bug but it might be there.
 3. There is a proxy bypass bug in Tor Browser (and probably Firefox as
 well) that is triggered under certain conditions.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25737#comment:16>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
tor-bugs mailing list

Reply via email to