Opened 2 years ago

Closed 2 years ago

#22226 closed defect (duplicate)

Exploiting the TOR-Browser reporting security bugs issues

Reported by: Dbryrtfbcbhgf
Owned by: tbb-team
Priority: High
Milestone:
Component: Applications/Tor Browser
Version:
Severity: Major
Keywords:
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

This security researcher has multiple Tor Browser security vulnerabilities, but is unable to successfully report them. Torproject should make it much easier and much simpler to report security bugs, like having a single well-known security reporting email. Here is his blog post with the security vulnerability and with the problems explained.

http://www.hackerfactor.com/blog/index.php?/archives/761-Exploiting-the-TOR-Browser.html

Change History (6)

comment:1 Changed 2 years ago by teor

The blog post is wrong about the list: it does exist, it's just not accessible using the mailman interface. We want to publish it on our website, but in a way that doesn't attract user support requests (see #22163).

I will leave the rest of the issues reported in that blog post for the Tor Browser team.
But I don't think Tor Browser is designed to be undetectable when compared with other browsers.

comment:2 Changed 2 years ago by gk

This is a duplicate of #22163.

comment:3 Changed 2 years ago by gk

Resolution: duplicate
Status: new → closed

comment:4 Changed 2 years ago by Dbryrtfbcbhgf

The vulnerabilities in the blog post were not addressed in this ticket.
http://www.hackerfactor.com/blog/index.php?/archives/761-Exploiting-the-TOR-Browser.html

comment:5 Changed 2 years ago by Dbryrtfbcbhgf

Resolution: duplicate
Status: closed → reopened

comment:6 in reply to:  4 Changed 2 years ago by gk

Resolution: duplicate
Status: reopened → closed

Replying to Dbryrtfbcbhgf:

> The vulnerabilities in the blog post were not addressed in this ticket.
> http://www.hackerfactor.com/blog/index.php?/archives/761-Exploiting-the-TOR-Browser.html

Yes, because the ticket you filed is about the "report a security bug"-issue. #22137 has the scrollbar one.
