Opened 21 months ago
Last modified 21 months ago
#25484 new defect
document.referrer leaks hidden service to clearnet service.
Reported by: | kkm | Owned by: | tbb-team |
---|---|---|---|
Priority: | Medium | Milestone: | |
Component: | Applications/Tor Browser | Version: | |
Severity: | Normal | Keywords: | |
Cc: | | Actual Points: | |
Parent ID: | | Points: | |
Reviewer: | | Sponsor: | |
Description
Onion services might implement third parties via clearnet, like https://www.nytimes3xbfgragh.onion/ loads https://securepubads.g.doubleclick.net/.
Most of the time, these third-party scripts collect the referrer via document.referrer. In these cases document.referrer gives access to the onion URL, which is then sent to these third parties.
Although Tor does prevent sending the referrer to clearnet sites on click (https://trac.torproject.org/projects/tor/ticket/9623), in the cases explained above this does not hold true.
Also, because these third parties also send the current URL home, even in that case the onion service URL is sent.
Attachments (2)
Change History (3)
Changed 21 months ago by
Attachment: | url-document-ref.png added |
---|
comment:1 Changed 21 months ago by
Component: | - Select a component → Applications/Tor Browser |
---|---|
Owner: | set to tbb-team |
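The leak in the description can be checked for from the onion service operator's side by auditing the requests a page makes. The following is an added example, not code from the ticket or from Tor Browser: it scans captured outbound requests for onion hostnames reaching non-onion hosts. The host `thirdparty.example`, its paths and parameter names, and the request records are constructed; only the onion hostname comes from the ticket.

```javascript
// Added example: flag outbound requests to non-onion hosts that carry an
// onion hostname in the Referer header, query string or body.
// Matches v2 (16-char) and v3 (56-char) onion labels.
const ONION_HOST = /\b(?:[a-z2-7]{56}|[a-z2-7]{16})\.onion\b/gi;

// Constructed sample capture; thirdparty.example and its parameters are hypothetical.
const SAMPLE_REQUESTS = [
  { url: 'https://thirdparty.example/collect?ref=https%3A%2F%2Fwww.nytimes3xbfgragh.onion%2Fsection&v=1', headers: {} },
  { url: 'https://thirdparty.example/beacon', headers: {},
    body: 'page=https%253A%252F%252Fwww.nytimes3xbfgragh.onion%252F' },
  { url: 'https://thirdparty.example/ad.js', headers: { referer: '' } },
  { url: 'https://www.nytimes3xbfgragh.onion/static/app.js',
    headers: { referer: 'https://www.nytimes3xbfgragh.onion/' } },
];

// Undo nested percent-encoding (URLs embedded in parameters are often
// encoded more than once); stop on malformed input or when nothing changes.
function deepDecode(s) {
  for (let i = 0; i < 3; i++) {
    let next;
    try { next = decodeURIComponent(s); } catch { break; }
    if (next === s) break;
    s = next;
  }
  return s;
}

function findOnionLeaks(requests) {
  const leaks = [];
  for (const req of requests) {
    const dest = new URL(req.url);
    // Onion-to-onion traffic is not the case the ticket describes.
    if (dest.hostname.toLowerCase().endsWith('.onion')) continue;
    const fields = {
      'Referer header': req.headers?.referer ?? '',
      'query string': dest.search,
      'request body': req.body ?? '',
    };
    for (const [where, value] of Object.entries(fields)) {
      const hits = deepDecode(value).match(ONION_HOST);
      if (!hits) continue;
      const onion = [...new Set(hits.map((h) => h.toLowerCase()))];
      leaks.push({ dest: dest.hostname, where, onion });
    }
  }
  return leaks;
}
```

An empty Referer header on the third sample request does not clear the first two: the onion hostname travels in data the script itself assembled, which is the case the description distinguishes from ticket 9623.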