Hi Yuri
I don't think browsers in general allow connections on loopback
interfaces, unless explicitly requested by users. If any of the browsers
do, this is a security violation irrelevant to tor.
If you are confident this is an issue with firefox, you should create a
PR for firefox project (in Mozilla bugzilla).
Yuri
Maybe you'll be suprised but Firefox by default allow connections to loopback
interfaces if there is no disabled rule in firewall settings. NoScript Add-On
can solve the problem by ABE.
I have Tor Browser Bundle 3.5 and Firefox 24.2.0 from there.
Just open some port on your computer(only for testing) for example local web-server and try with Firefox from Tor Browser Bundle this page: http://tortestprivacy.url.ph/
You will see :) (ABE must be turned off, as by default)
TT Security.
--
tor-talk mailing list - [email protected]
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
