#24553 closed enhancement (fixed)
Re-enable Alternate Services
| Reported by: | arthuredelstein | Owned by: | tbb-team |
|---|---|---|---|
| Priority: | Medium | Milestone: | |
| Component: | Applications/Tor Browser | Version: | |
| Severity: | Normal | Keywords: | tbb-linkability, ff60-esr, TorBrowserTeam201808 |
| Cc: | mahrud | Actual Points: | |
| Parent ID: | Points: | ||
| Reviewer: | Sponsor: |
Description
Mozilla patched Alternate Services (Alt-Svc) to have first-party isolation:
https://bugzilla.mozilla.org/1334690, effective Firefox 54. We disabled Alt-Svc , but in TBB/ESR59 we can potentially re-enable it.
We also need to examine if there are other related headers or mechanisms that could act as supercookie vectors. (Patrick McManus mentioned alt-used as a possibility.) If there are, then those need to be isolated as well.
Child Tickets
Change History (5)
comment:1 Changed 2 years ago by
| Keywords: | tbb-linkability added |
|---|---|
| Type: | defect → enhancement |
comment:2 Changed 2 years ago by
| Keywords: | ff60-esr added; ff59-esr removed |
|---|
comment:3 Changed 2 years ago by
| Cc: | mahrud added |
|---|
comment:4 Changed 21 months ago by
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Fixed by commit 36724cc11e94d0dc3094c94f046d76fb5ce44a2b on tor-browser-60.1.0esr-8.0-1.
comment:5 Changed 21 months ago by
| Keywords: | TorBrowserTeam201808 added |
|---|
Note: See
TracTickets for help on using
tickets.
Firefox 60 is the new ESR.