Opened 13 months ago

Last modified 13 months ago

#27452 new defect

"New Identity" does not properly clear state of the find bar

Reported by: nsuchy Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-newnym
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

I noticed an issue with Tor Browser on macOS which likely affects Tor Browser on other platforms. The issue being that pressing "New Identity" does not properly clear state of the find bar.

Steps to reproduce:
1) Open Tor Browser
2) Press control-f ("command-f" on macOS) to bring up the find bar
3) Type something into the find bar.
4) Press new identity
5) Press control-f ("command-f" on macOS) again to bring up the find bar. See that the previously searched text remains in the box.

Tor Browser Alpha:
Per arma's suggestion on IRC I tested this in Tor Browser Alpha (This build: https://people.torproject.org/~gk/builds/8.0-build5/tor-browser-linux64-8.0_en-US.tar.xz) on Linux. The bug is partially fixed. However if you click "highlight all" after entering text in the search box and then press new identity, press control-f again, the text is cleared, but the "highlight all" state remains.

User Impact:
This appears to be an issue resetting state of the find bar. It's unclear whether a website can access this information using Javascript, with or without user interaction. It's also unclear how long this information could persist. This could potentially reveal during a forensic search on a computer the last thing the user searched for on a page, but not what page they searched on.

It is worth investigating for other components which are not properly reset after clicking "New Identity".

Screenshots:

Child Tickets

Change History (6)

comment:1 Changed 13 months ago by gk

Keywords: tbb-newnym added

comment:2 Changed 13 months ago by nsuchy

In Tor Browser 8.5 Alpha 1 the issue returns back to how it acted in Tor Browser 7 where the text also is not cleared again.

comment:3 in reply to:  2 ; Changed 13 months ago by gk

Replying to nsuchy:

In Tor Browser 8.5 Alpha 1 the issue returns back to how it acted in Tor Browser 7 where the text also is not cleared again.

Interesting. I tried with a clean 8.5a1 on Linux and the issue is not back as it were in Tor Browser 7. 8.5a1 behaves the same way as 8.0 for me. Additionally, Match Case is reset for me with New Identity but not the other two options.

comment:4 Changed 13 months ago by mcs

Possibly a duplicate of #14139.

comment:5 in reply to:  3 Changed 13 months ago by nsuchy

Replying to gk:

Replying to nsuchy:

In Tor Browser 8.5 Alpha 1 the issue returns back to how it acted in Tor Browser 7 where the text also is not cleared again.

Interesting. I tried with a clean 8.5a1 on Linux and the issue is not back as it were in Tor Browser 7. 8.5a1 behaves the same way as 8.0 for me. Additionally, Match Case is reset for me with New Identity but not the other two options.

Can you try this on macOS that's where I'm experiencing the bug?

comment:6 in reply to:  4 Changed 13 months ago by nsuchy

Replying to mcs:

Possibly a duplicate of #14139.

Just tested and the search terms aren't being shared with Google Chrome. I don't think this is a duplicate.

Note: See TracTickets for help on using tickets.