Opened 9 years ago
Last modified 3 years ago
#2877 new defect
Prevent TLS state from accumulating in Tor Browser
Reported by: | mikeperry | Owned by: | tbb-team |
---|---|---|---|
Priority: | Medium | Milestone: | |
Component: | Applications/Tor Browser | Version: | |
Severity: | Normal | Keywords: | tbb-newnym, tbb-linkability |
Cc: | gk, lunar@… | Actual Points: | |
Parent ID: | Points: | ||
Reviewer: | Sponsor: |
Description (last modified by )
We've been accumulating a few TLS issues with Torbutton (#2482). In particular, we need to figure out how to handle user-stored certificates, the intermediate cert store, and STS. Perhaps we just want to block all of these by default for TorBrowser? Perhaps we want an extra confirmation dialog?
STS and the intermediate cert store should definitely be cleared by the New Identity button, though (#523). We currently lack direct Firefox APIs for either of these. https://bugzilla.mozilla.org/show_bug.cgi?id=435159 might help with the latter.
Ticket | Component | Owner | Summary | Priority | Points |
---|---|---|---|---|---|
#2741 | TorBrowserButton | Clear STS in FF4 | High | 6 | |
#2951 | Firefox Patch Issues | Review permissions manager and certdb source | High | 1 | |
#2739 | Applications/Tor Browser | Clear Memory-Only Intermeditate Cert Store | Medium | ||
#2949 | Applications/Tor Browser | Make Intermediate Cert Store Memory-Only for TorBrowser | Medium | 3 | |
#2950 | Firefox Patch Issues | Make Permissions-Manager memory-only in TorBrowser | Medium | 2 |
Child Tickets
Ticket | Status | Owner | Summary | Component |
---|---|---|---|---|
#2739 | new | tbb-team | Clear Memory-Only Intermeditate Cert Store | Applications/Tor Browser |
#2741 | closed | mikeperry | Clear STS in FF4 | TorBrowserButton |
#2949 | closed | mikeperry | Make Intermediate Cert Store Memory-Only for TorBrowser | Applications/Tor Browser |
#2950 | closed | mikeperry | Make Permissions-Manager memory-only in TorBrowser | Firefox Patch Issues |
#2951 | closed | mikeperry | Review permissions manager and certdb source | Firefox Patch Issues |
Change History (16)
comment:1 Changed 9 years ago by
Type: | defect → enhancement |
---|
comment:2 Changed 9 years ago by
Cc: | g.koppen@… added |
---|
comment:3 Changed 9 years ago by
Points: | → ? |
---|
comment:4 Changed 9 years ago by
Component: | Tor bundles/installation → Tor Browser |
---|
comment:5 Changed 9 years ago by
Description: | modified (diff) |
---|---|
Type: | enhancement → defect |
comment:6 Changed 9 years ago by
Cc: | lunar@… added |
---|
comment:7 Changed 8 years ago by
Milestone: | → TorBrowserBundle 2.2.x-stable |
---|
comment:8 Changed 8 years ago by
Milestone: | TorBrowserBundle 2.2.x-stable |
---|
comment:9 Changed 7 years ago by
Parent ID: | #2871 |
---|
comment:10 Changed 7 years ago by
Keywords: | tbb-linkability added |
---|
comment:11 Changed 6 years ago by
Keywords: | tbb-newnym added |
---|
comment:12 Changed 5 years ago by
Keywords: | tbb-firefox-patch added |
---|
comment:13 Changed 5 years ago by
Component: | Firefox Patch Issues → Tor Browser |
---|---|
Owner: | changed from mikeperry to tbb-team |
comment:14 Changed 3 years ago by
Keywords: | tbb-linkability tbb-firefox-patch removed |
---|---|
Points: | ? |
Severity: | → Normal |
Summary: | Prevent TLS state from accumulating in TorBrowser → Prevent TLS state from accumulating in Tor Browser |
comment:15 follow-up: 16 Changed 3 years ago by
Cc: | gk added; g.koppen@… removed |
---|---|
Keywords: | tbb-linkability added |
Please, don't mess with the keywords. Thanks.
comment:16 Changed 3 years ago by
Replying to gk:
Please, don't mess with the keywords. Thanks.
Copied from ticket:2739#comment:13. No mess.
Cc gk added; g.koppen@… removed
Keywords tbb-newnym added; tbb-linkability removed
Severity set to Normal
This has a lot of child tickets and sub-issues. More investigation into the source is needed. We also need to think about the best approaches for each component..