Security Hole: FTP and Gopher
In TorButton's Preferences, the programmer left out FTP and Gopher settings. This is a security hole because a malicious webserver/user can post a gopher or ftp link on a website or onion site visited through TOR and expose the user's external IP address.
Patch: A patch must be released that updates FTP and Gopher with a null proxy, such as 127.0.0.1:1 (and have the TorButton ensure no service is running on the null port).
Trac:
Username: johndoe32102002