Opened 5 years ago

Last modified 2 years ago

#10467 new defect

URLs are leaked to third party if they contain typos

Reported by: torar | Owned by: tbb-team
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Major | Keywords: tbb-firefox-patch
Cc: nord-stream@… | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:


Open a new tab in the Tor Browser and type "https;" into the URL field (note the typo - a semicolon instead of a colon).

The Tor Browser jumps to and searches it for "https;".

Users may make typos - and I think there is no need to leak URLs with typos to a third party (startpage). You should patch Firefox so that anything typed into the URL field is never sent to a third party.

There is already a special field for startpage search in the navigation toolbar - so there is no need to use the URL field for searches.

Change History (4)

comment:1 Changed 5 years ago by torar

There should be "https"(semicolon)(slash)(slash)"" in the above bug report. The trac system somehow removed the two slashes from the text.

comment:2 Changed 4 years ago by erinn

Keywords: tbb-firefox-patch added

comment:3 Changed 4 years ago by erinn

Component: changed from Firefox Patch Issues to Tor Browser
Owner: changed from mikeperry to tbb-team

comment:4 Changed 2 years ago by nord-stream

Cc: nord-stream@… added
Severity: Major
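
Added example (not part of the ticket, and not Tor Browser or Firefox code): a simplified JavaScript model of the address-bar decision the report describes. It shows the mistyped "https;//" input reaching the search provider under a search fallback and being held back under two stricter policies. The regexes, function names, policy labels and the example.com host are assumptions made for illustration.

```javascript
// Simplified model of an address-bar decision. NOT Tor Browser/Firefox code;
// every name, regex and policy label here is an assumption made for illustration.

const SCHEME_URL = /^[a-z][a-z0-9+.-]*:\/\/[^\s\/]+/i;            // scheme://host
const BARE_HOST = /^[a-z0-9-]+(\.[a-z0-9-]+)+(:\d+)?(\/\S*)?$/i;  // host.tld[/path]
// A known scheme followed by a damaged separator, e.g. "https;//", "http:/", "https//".
const BROKEN_SCHEME = /^(https?|ftp)\s*[;:,.]?\s*[\/\\]+\S/i;

function isNavigable(text) {
  return SCHEME_URL.test(text) || BARE_HOST.test(text);
}

// Single token that still looks like an address although it does not parse as one.
function looksLikeMistypedUrl(text) {
  if (/\s/.test(text)) return false;           // several words: treat as a search query
  return BROKEN_SCHEME.test(text) || /[\/\\]/.test(text);
}

// policy: "search-fallback" (behaviour reported in the ticket),
//         "block-url-like"  (keep search, but hold back mistyped addresses),
//         "never-search"    (what the reporter asks for).
function decide(input, policy) {
  const text = input.trim();
  if (isNavigable(text)) return { action: "navigate", sentToSearchProvider: false };
  const block = policy === "never-search" ||
    (policy === "block-url-like" && looksLikeMistypedUrl(text));
  return block
    ? { action: "local-error", sentToSearchProvider: false }
    : { action: "search", sentToSearchProvider: true };
}

// Constructed sample inputs (example.com is a placeholder host).
const samples = ["https://example.com/private?id=1", "https;//example.com/private?id=1",
                 "example.com", "how do onion services work"];
for (const s of samples) {
  for (const p of ["search-fallback", "block-url-like", "never-search"]) {
    console.log(p.padEnd(16), JSON.stringify(s), "->", decide(s, p).action);
  }
}
```

The "block-url-like" policy is a heuristic: it keeps address-bar search for ordinary queries but will also hold back legitimate single-token searches that contain a slash.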