Opened 3 years ago

Closed 4 weeks ago

#20915 closed defect (fixed)

Web developer network tab breaks first-party isolation in some cases

Reported by: gk
Owned by: tbb-team
Priority: Medium
Milestone:
Component: Applications/Tor Browser
Version:
Severity: Normal
Keywords: ff52-esr-will-have, tbb-linkability
Cc: arthuredelstein
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

There are rare cases where the first-party isolation breaks if the Web developer Network tab is open. This was first reported on our blog: https://blog.torproject.org/blog/tor-browser-65a5-released#comment-224102

Steps to reproduce (works both in the stable and the alpha series on Linux at least):

1) Start a fresh Tor Browser and set the Torbutton log level to "3"
2) Open the Network tab in the Web developer console (Ctrl + Shift + Q)
3) Go to https://torproject.org
4) Reload the page with the arrow in the URL bar

Result:

Torbutton INFO: tor SOCKS isolation catchall: https://www.torproject.org/images/onion-heart.png via --unknown--:de6a28fb71abeba4febbbdde61de345e

It is actually only the request for the onion heart that is affected. And having the Network tab open is crucial for reproducing the bug.

Change History (6)

comment:1 Changed 3 years ago by gk

Might be fixed upstream already, thus let's double-check it during the ESR52 transition in case we don't get earlier to this bug.

comment:2 Changed 3 years ago by cypherpunks

304 Not Modified response for reloading preview image in the Network tab leads to bug in torbutton.

comment:3 Changed 2 years ago by gk

Keywords: ff52-esr-will-have added; ff52-esr removed
Resolution: fixed
Status: new → closed

Works for me with 7.0a4.

comment:4 Changed 2 years ago by cypherpunks

Indeed, but that's because TBB now fetches images from the network every time instead of using the cache. And about:cache shows that there are no cached elements, but about:memory shows that they exist:

│    │  │  ├──1.07 MB (00.53%) ── memory-storage(O^privateBrowsingId=1&firstPartyDomain=torproject.org,p,/M)
│    │  │  ├──0.01 MB (00.01%) ── disk-storage(O^privateBrowsingId=1&firstPartyDomain=torproject.org,p,)
│    │  │  ├──0.00 MB (00.00%) ── disk-storage(O^firstPartyDomain=torproject.org,a,)
│    │  │  ├──0.00 MB (00.00%) ── memory-storage(O^firstPartyDomain=torproject.org,a,/M)

Weird.

comment:5 Changed 4 weeks ago by cypherpunks

Resolution: fixed
Status: closed → reopened

9.0a6:

[09-15 07:30:53] Torbutton INFO: tor SOCKS: https://www.torproject.org/static/css/bootstrap.css.map via--unknown--:878a267349f5b487247d0a0175ae27f2

comment:6 in reply to:  5 Changed 4 weeks ago by gk

Resolution: fixed
Status: reopened → closed

Replying to cypherpunks:

9.0a6:

[09-15 07:30:53] Torbutton INFO: tor SOCKS: https://www.torproject.org/static/css/bootstrap.css.map via--unknown--:878a267349f5b487247d0a0175ae27f2

Let's keep this ticket closed (FWIW: I tried to reproduce the issue following the description and failed so far). Please open a new one with steps to reproduce (changes you make to Tor Browser, on which operating system this is visible etc.).
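
Added example (not part of the ticket and not Torbutton's own code): a JavaScript check that scans Torbutton INFO log output for requests logged under the --unknown-- catch-all key instead of a first-party domain, as in the lines quoted in the description and in comment 5. The line format is assumed from those two quoted lines; the first and last sample lines are constructed.

```javascript
// Assumption: isolation log lines end in "<url> via <key>:<nonce>", as in the
// two lines quoted in this ticket. The space after "via" is optional because
// one of the quoted lines lacks it.
const LINE_RE =
  /Torbutton INFO: tor SOCKS( isolation catchall)?: (\S+) via\s*([^\s:]+):([0-9a-f]+)\s*$/;
const CATCHALL_KEY = "--unknown--";

// Parse one log line; returns null for lines that are not isolation records.
function parseIsolationLine(line) {
  const m = LINE_RE.exec(line);
  if (!m) return null;
  const [, catchallTag, url, key, nonce] = m;
  // Either marker counts: the explicit "isolation catchall" tag or the key itself.
  return { url, key, nonce, catchall: Boolean(catchallTag) || key === CATCHALL_KEY };
}

// Collect URLs logged under the catch-all key, grouped by the nonce they were
// logged with. An empty Map means every parsed request had a first-party key.
function catchallReport(logText) {
  const byNonce = new Map();
  for (const line of logText.split(/\r?\n/)) {
    const rec = parseIsolationLine(line);
    if (!rec || !rec.catchall) continue;
    if (!byNonce.has(rec.nonce)) byNonce.set(rec.nonce, []);
    byNonce.get(rec.nonce).push(rec.url);
  }
  return byNonce;
}

const SAMPLE_LOG = [
  // Constructed: a request logged under its first-party domain.
  "Torbutton INFO: tor SOCKS: https://www.torproject.org/ via torproject.org:0123456789abcdef0123456789abcdef",
  // The two lines quoted in the ticket.
  "Torbutton INFO: tor SOCKS isolation catchall: https://www.torproject.org/images/onion-heart.png via --unknown--:de6a28fb71abeba4febbbdde61de345e",
  "[09-15 07:30:53] Torbutton INFO: tor SOCKS: https://www.torproject.org/static/css/bootstrap.css.map via--unknown--:878a267349f5b487247d0a0175ae27f2",
  // Constructed: an unrelated log line that must be ignored.
  "Torbutton INFO: (constructed unrelated message)",
].join("\n");

for (const [nonce, urls] of catchallReport(SAMPLE_LOG)) {
  console.log(`catch-all nonce ${nonce}:`);
  for (const url of urls) console.log(`  ${url}`);
}
```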
