Opened 2 years ago

Last modified 2 years ago

#22693 new defect

Connection not secure OS leak

Reported by: Dbryrtfbcbhgf Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

When I try to create a account on a onion site I get a message that says "connection is not secure logins entered here can be compromised." When I click on the dialog it links me to a support article, but the link shows my real OS, Darwin. Here is the link that

https://support.mozilla.org/1/firefox/52.2.0/Darwin/en-US/insecure-password

info on Darwin
https://en.wikipedia.org/wiki/Darwin_%28operating_system%29

Child Tickets

Change History (1)

comment:1 Changed 2 years ago by gk

Priority: Very HighMedium
Severity: CriticalNormal

The link shows your real OS because Firefox constructs it internally before showing your the Learn More option. The base URL is the value of app.support.baseURL and %VERSION% etc. are replaced according to your system before shown to you.

Now the question is can the website, where the message is displayed, learn that as well?

See as well #21321.

Note: See TracTickets for help on using tickets.