Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#22419 closed defect (fixed)

Prevent access to file://

Reported by: cypherpunks Owned by: tbb-team
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: ff52-esr-will-have, TorBrowserTeam201705
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

mftbug.surge.sh/

Like above website, Tor Browser(Windows user) must prevent read access to file:// URIs.

Child Tickets

Change History (2)

comment:1 Changed 2 years ago by gk

Keywords: ff52-esr-will-have added
Resolution: fixed
Status: newclosed

That's fixed with the switch to ESR52. 7.0a4 shows "Security Error: Content at http://mftbug.surge.sh/ may not load or link to file:///C:/$mft/123" in the console and the icon is not showing up.

comment:2 Changed 2 years ago by gk

Keywords: TorBrowserTeam201705 added
Note: See TracTickets for help on using tickets.