Opened 9 years ago
Closed 5 months ago
#2877 closed defect (fixed)
Prevent TLS state from accumulating in Tor Browser
| Reported by: | mikeperry | Owned by: | tbb-team |
|---|---|---|---|
| Priority: | Medium | Milestone: | |
| Component: | Applications/Tor Browser | Version: | |
| Severity: | Normal | Keywords: | tbb-newnym, tbb-linkability |
| Cc: | gk, lunar@… | Actual Points: | |
| Parent ID: | Points: | ||
| Reviewer: | Sponsor: |
Description (last modified by )
We've been accumulating a few TLS issues with Torbutton (#2482). In particular, we need to figure out how to handle user-stored certificates, the intermediate cert store, and STS. Perhaps we just want to block all of these by default for TorBrowser? Perhaps we want an extra confirmation dialog?
STS and the intermediate cert store should definitely be cleared by the New Identity button, though (#523). We currently lack direct Firefox APIs for either of these. https://bugzilla.mozilla.org/show_bug.cgi?id=435159 might help with the latter.
| Ticket | Component | Owner | Summary | Priority | Points |
|---|---|---|---|---|---|
| #2741 | TorBrowserButton | Clear STS in FF4 | High | 6 | |
| #2951 | Firefox Patch Issues | Review permissions manager and certdb source | High | 1 | |
| #2949 | Applications/Tor Browser | Make Intermediate Cert Store Memory-Only for TorBrowser | Medium | 3 | |
| #2950 | Firefox Patch Issues | Make Permissions-Manager memory-only in TorBrowser | Medium | 2 |
Child Tickets
| Ticket | Status | Owner | Summary | Component |
|---|---|---|---|---|
| #2741 | closed | mikeperry | Clear STS in FF4 | TorBrowserButton |
| #2949 | closed | mikeperry | Make Intermediate Cert Store Memory-Only for TorBrowser | Applications/Tor Browser |
| #2950 | closed | mikeperry | Make Permissions-Manager memory-only in TorBrowser | Firefox Patch Issues |
| #2951 | closed | mikeperry | Review permissions manager and certdb source | Firefox Patch Issues |
Change History (17)
comment:1 Changed 9 years ago by
| Type: | defect → enhancement |
|---|
comment:2 Changed 9 years ago by
| Cc: | g.koppen@… added |
|---|
comment:3 Changed 9 years ago by
| Points: | → ? |
|---|
comment:4 Changed 9 years ago by
| Component: | Tor bundles/installation → Tor Browser |
|---|
comment:5 Changed 9 years ago by
| Description: | modified (diff) |
|---|---|
| Type: | enhancement → defect |
comment:6 Changed 9 years ago by
| Cc: | lunar@… added |
|---|
comment:7 Changed 9 years ago by
| Milestone: | → TorBrowserBundle 2.2.x-stable |
|---|
comment:8 Changed 9 years ago by
| Milestone: | TorBrowserBundle 2.2.x-stable |
|---|
comment:9 Changed 7 years ago by
| Parent ID: | #2871 |
|---|
comment:10 Changed 7 years ago by
| Keywords: | tbb-linkability added |
|---|
comment:11 Changed 6 years ago by
| Keywords: | tbb-newnym added |
|---|
comment:12 Changed 6 years ago by
| Keywords: | tbb-firefox-patch added |
|---|
comment:13 Changed 6 years ago by
| Component: | Firefox Patch Issues → Tor Browser |
|---|---|
| Owner: | changed from mikeperry to tbb-team |
comment:14 Changed 4 years ago by
| Keywords: | tbb-linkability tbb-firefox-patch removed |
|---|---|
| Points: | ? |
| Severity: | → Normal |
| Summary: | Prevent TLS state from accumulating in TorBrowser → Prevent TLS state from accumulating in Tor Browser |
comment:15 follow-up: 16 Changed 4 years ago by
| Cc: | gk added; g.koppen@… removed |
|---|---|
| Keywords: | tbb-linkability added |
Please, don't mess with the keywords. Thanks.
comment:16 Changed 4 years ago by
Replying to gk:
Please, don't mess with the keywords. Thanks.
Copied from ticket:2739#comment:13. No mess.
Cc gk added; g.koppen@… removed
Keywords tbb-newnym added; tbb-linkability removed
Severity set to Normal
comment:17 Changed 5 months ago by
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Let's close this former parent ticket.
This has a lot of child tickets and sub-issues. More investigation into the source is needed. We also need to think about the best approaches for each component..