Prevent access to file://

mftbug.surge.sh/

Like above website, Tor Browser(Windows user) must prevent read access to file:// URIs.

added TorBrowserTeam201705 component::applications/tor browser ff52-esr-will-have owner::tbb-team priority::high resolution::fixed severity::normal status::closed type::defect labels

That's fixed with the switch to ESR52. 7.0a4 shows "Security Error: Content at http://mftbug.surge.sh/ may not load or link to file:///C:/$mft/123" in the console and the icon is not showing up.

Trac:
Keywords: N/A deleted, ff52-esr-will-have added
Resolution: N/A to fixed
Status: new to closed

Trac:
Keywords: N/A deleted, TorBrowserTeam201705 added

closed

mentioned in issue #26279 (moved)

moved to tpo/applications/tor-browser#22419 (closed)