Opened 3 years ago

Last modified 3 years ago

#23424 new defect

Stop exposing the moz-icon URL scheme to the web

Reported by: arthuredelstein Owned by: tbb-team
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Major Keywords: tbb-fingerprinting, ff60-esr
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


We should do this if Mozilla doesn't get to it.

Child Tickets

Change History (4)

comment:1 Changed 3 years ago by gk

Keywords: tbb-fingerprinting added

comment:2 Changed 3 years ago by gk

Priority: MediumHigh
Severity: NormalMajor

comment:3 Changed 3 years ago by gk

Keywords: ff59-esr added

It seems we will get this with ESR59. However, we want to check that, while it is not allowed any longer to link to moz-icon URLs, the presence of a moz-icon handler is not leaking, see:

comment:4 Changed 3 years ago by gk

Keywords: ff60-esr added; ff59-esr removed

Firefox 60 is the new ESR.

Note: See TracTickets for help on using tickets.