Opened 5 years ago

Last modified 2 weeks ago

#10467 new defect

URLs are leaked to third party if they contain typos

Reported by: torar Owned by: tbb-team
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Major Keywords: tbb-firefox-patch
Cc: nord-stream@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Open a new tab in the Tor Browser and type "https;www.wikipedia.org" into the URL field (note the typo - a semicolon instead of a colon)

The Tor Browser jumps to startpage.com and searches it for "https;www.wikipedia.org"

Users may make typos - and I think there is no need to leak URLs with typos to a third party (startpage). You should patch Firefox so that anything typed into the URL field is never sent to a third party.

There is already a special field for startpage search in the navigation toolbar - so there is no need to use the URL field for searches.

Child Tickets

Change History (5)

comment:1 Changed 5 years ago by torar

There should be "https"(semicolon)(slash)(slash)"www.wikipedia.org" in the above bug report. The trac system somehow removed the two slashes from the text.

comment:2 Changed 4 years ago by erinn

Keywords: tbb-firefox-patch added

comment:3 Changed 4 years ago by erinn

Component: Firefox Patch IssuesTor Browser
Owner: changed from mikeperry to tbb-team

comment:4 Changed 2 years ago by nord-stream

Cc: nord-stream@… added
Severity: Major

comment:5 Changed 2 weeks ago by janbhez

Solution:

Disable searching in the url field. We have a separate search field for searching.

Details:

In about:config set the keyword.enabled preference to false.
This disables "Address Bar Search" and prevents sending mistyped addresses to the site specified in keyword.URL (the keyword.URL preference used to define the default search engine url), while also prevents DNS lookups for single-word and url-like searches.

Examples (red highlights indicate unintended leaks):

  • User intends to open an url with typo, keyword.enabled = true
    https;//www.wikipedia.org with (semicolon)(slash)(slash) is a valid url (RFC 3986 https://www.ietf.org/rfc/rfc3986.txt), Tor Browser prefixes it with the default protocol, tries to resolve https; and open http://https;//www.wikipedia.org. If it fails Tor Browser follows up searching https;//www.wikipedia.org with the default search engine.
  • User intends to open an url with typo, keyword.enabled = false
    https;//www.wikipedia.org with (semicolon)(slash)(slash) is a valid url, Tor Browser prefixes it with the default protocol, tries to resolve https; and open http://https;//www.wikipedia.org. It it fails Tor Browser displays an error: "We can’t connect to the server at https;."
  • User intends to open an url with typo, keyword.enabled = true
    https::/www.wikipedia.org with (colon)(colon)(slash) is an invalid url, Tor Browser follows up searching https::/www.wikipedia.org with the default search engine.
  • User intends to open an url with typo, keyword.enabled = false
    https::/www.wikipedia.org with (colon)(colon)(slash) is an invalid url, Tor Browser displays an error: "Hmm. That address doesn’t look right."
  • User intends to search cat in the address bar, keyword.enabled = true
    cat is a valid url, Tor Browser prefixes it with the default protocol, tries to resolve cat and open http://cat. If it fails Tor Browser follows up searching cat with the default search engine.
  • User intends to search cat in the address bar, keyword.enabled = false
    cat is a valid url, Tor Browser prefixes it with the default protocol, tries to resolve cat and open http://cat. If it fails Tor Browser displays an error: "We can’t connect to the server at cat."
  • User intends to search cat dog in the address bar, keyword.enabled = true
    cat dog is an invalid url, Tor Browser follows up searching cat dog with the default search engine.
  • User intends to search cat dog in the address bar, keyword.enabled = false
    cat dog is an invalid url, Tor Browser displays an error: "Hmm. That address doesn’t look right."
  • User intends to search 3.14 in the address bar, keyword.enabled = true
    3.14 is a valid url, Tor Browser prefixes it with the default protocol, tries to open http://3.0.0.14. If it fails Tor Browser follows up searching 3.14 with the default search engine.
  • User intends to search 3.14 in the address bar, keyword.enabled = false
    3.1 is a valid url, Tor Browser prefixes it with the default protocol, tries to open http://3.0.0.14. If it fails Tor Browser displays an error: "We can’t connect to the server at 3.0.0.14."
Note: See TracTickets for help on using tickets.