#24553 closed enhancement (fixed)
Re-enable Alternate Services
Reported by: | arthuredelstein | Owned by: | tbb-team |
---|---|---|---|
Priority: | Medium | Milestone: | |
Component: | Applications/Tor Browser | Version: | |
Severity: | Normal | Keywords: | tbb-linkability, ff60-esr, TorBrowserTeam201808 |
Cc: | mahrud | Actual Points: | |
Parent ID: | Points: | ||
Reviewer: | Sponsor: |
Description
Mozilla patched Alternate Services (Alt-Svc) to have first-party isolation:
https://bugzilla.mozilla.org/1334690, effective Firefox 54. We disabled Alt-Svc , but in TBB/ESR59 we can potentially re-enable it.
We also need to examine if there are other related headers or mechanisms that could act as supercookie vectors. (Patrick McManus mentioned alt-used as a possibility.) If there are, then those need to be isolated as well.
Child Tickets
Change History (5)
comment:1 Changed 2 years ago by
Keywords: | tbb-linkability added |
---|---|
Type: | defect → enhancement |
comment:2 Changed 23 months ago by
Keywords: | ff60-esr added; ff59-esr removed |
---|
comment:3 Changed 17 months ago by
Cc: | mahrud added |
---|
comment:4 Changed 16 months ago by
Resolution: | → fixed |
---|---|
Status: | new → closed |
Fixed by commit 36724cc11e94d0dc3094c94f046d76fb5ce44a2b on tor-browser-60.1.0esr-8.0-1
.
comment:5 Changed 16 months ago by
Keywords: | TorBrowserTeam201808 added |
---|
Note: See
TracTickets for help on using
tickets.
Firefox 60 is the new ESR.