Opened 22 months ago

Last modified 17 months ago

#23424 new defect

Stop exposing the moz-icon URL scheme to the web

Reported by: arthuredelstein Owned by: tbb-team
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Major Keywords: tbb-fingerprinting, ff60-esr
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

We should do this if Mozilla doesn't get to it.
https://bugzilla.mozilla.org/show_bug.cgi?id=1222924

Child Tickets

Change History (4)

comment:1 Changed 19 months ago by gk

Keywords: tbb-fingerprinting added

comment:2 Changed 19 months ago by gk

Priority: MediumHigh
Severity: NormalMajor

comment:3 Changed 19 months ago by gk

Keywords: ff59-esr added

It seems we will get this with ESR59. However, we want to check that, while it is not allowed any longer to link to moz-icon URLs, the presence of a moz-icon handler is not leaking, see: https://bugzilla.mozilla.org/show_bug.cgi?id=1222924#c14.

comment:4 Changed 17 months ago by gk

Keywords: ff60-esr added; ff59-esr removed

Firefox 60 is the new ESR.

Note: See TracTickets for help on using tickets.