Introduce preference for controlling speculative pre-connections (Related to Tor Browser / present in Firefox)
The issue "Introduce preference for controlling speculative pre-connections" (original source: https://bugzilla.mozilla.org/show_bug.cgi?id=814169) is also present in the Tor Browser Bundle.
**Yuri Khan** 2015-08-14 22:33:56 PDT
Hey,
here’s a potential tracking scenario:
* Mallory has a database of unverified email addresses. He wants to know which of them are read regularly.
* Mallory associates with each unverified email address a unique IPv6 address within his /64 network.
* Mallory sends each unverified recipient a message which consists of a hyperlink to this unique IPv6 address, wrapped around a lot of text.
* Alice views this message in a web mail client in Firefox. She inadvertently leaves the mouse in the area where the message is to be displayed.
* Firefox speculatively connects to the address of the link.
* Mallory’s router receives all connection attempts and logs destination addresses.
* Because each recipient got a unique IPv6 address, Mallory marks Alice’s email address as verified.
(source: https://bugzilla.mozilla.org/show_bug.cgi?id=814169#c18)
This scenario is also exploitable in the Tor Browser because the default value of this API ('network.http.speculative-parallel-limit') is 6.
A fix to mitigate this problem is to set 'network.http.speculative-parallel-limit' to 0 by default.
Trac:
Username: RickGeex_
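To check whether a given profile already carries the mitigation proposed in this ticket, the following added example (not code from the ticket, Mozilla or the Tor Project) reads the contents of a profile's `prefs.js` and `user.js` and reports the effective value of the preference. It assumes the standard one-statement-per-line `user_pref(...)` format with `user.js` applied last; the function names are hypothetical, and the fallback of 6 is the default stated in the ticket.

```python
import re

PREF = "network.http.speculative-parallel-limit"
TICKET_DEFAULT = 6  # default value stated in the ticket

# One user_pref("name", value); statement per line, optional trailing // comment.
_PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.*?)\s*\)\s*;\s*(?://.*)?$')

def parse_prefs(text):
    """Return {name: raw_value}; later lines win, commented-out lines are skipped."""
    prefs, in_comment = {}, False
    for line in text.splitlines():
        s = line.strip()
        if in_comment or s.startswith("/*"):
            in_comment = "*/" not in s
            continue
        m = _PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs

def effective_limit(prefs_js="", user_js=""):
    """Assumption: user.js is applied after prefs.js at startup, so it wins."""
    merged = {**parse_prefs(prefs_js), **parse_prefs(user_js)}
    raw = merged.get(PREF)
    if raw is None:
        return TICKET_DEFAULT, "default"
    try:
        return int(raw), "profile"
    except ValueError:
        return None, "invalid"  # e.g. a quoted string instead of an integer

def audit(prefs_js="", user_js=""):
    limit, origin = effective_limit(prefs_js, user_js)
    if limit == 0:
        return "OK: speculative pre-connections disabled"
    if limit is None:
        return "WARN: pref present but not an integer; check the profile"
    return f"EXPOSED: up to {limit} speculative connections ({origin})"

# Constructed sample profile contents, not taken from a real profile.
SAMPLE_PREFS_JS = 'user_pref("network.http.speculative-parallel-limit", 6);\n'
SAMPLE_USER_JS = (
    "// hardening override\n"
    'user_pref("network.http.speculative-parallel-limit", 0); // per the ticket\n'
)

if __name__ == "__main__":
    print(audit())                                 # nothing set: default applies
    print(audit(SAMPLE_PREFS_JS))                  # explicit 6
    print(audit(SAMPLE_PREFS_JS, SAMPLE_USER_JS))  # user.js override to 0
```

To audit a real profile, pass the text of its `prefs.js` and `user.js` files to `audit()`.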