Opened 7 weeks ago

Last modified 6 weeks ago

#30657 new defect

Tor Browser locale is leaked via title of link tag on non-html page

Reported by: gk Owned by: tbb-team
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-fingerprinting-locale, ff68-esr-will-have
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description (last modified by gk)

ryotak reported via our HackerOne bug bounty program that the Tor Browser locale is leaked via the title of the link tag on any non-html page.

For a test ryotak came up with see: https://people.torproject.org/~gk/tests/tor_plaintext_locale_leak.html.

Child Tickets

Change History (3)

comment:1 Changed 7 weeks ago by gk

Description: modified (diff)
Summary: Tor Browser locale is leaked via title of link tag on 404 error pageTor Browser locale is leaked via title of link tag on non-html page

comment:2 Changed 6 weeks ago by Thorin

FWIW: this behavior (or at least the PoC) stopped working as of FF68+, so you should be good to go in the next ESR cycle. It returns a blank.

Last edited 6 weeks ago by Thorin (previous) (diff)

comment:3 in reply to:  2 Changed 6 weeks ago by gk

Keywords: ff68-esr-will-have added

Replying to Thorin:

FWIW: this behavior (or at least the PoC) stopped working as of FF68+, so you should be good to go in the next ESR cycle. It returns a blank.

Interesting, I wonder what bugfix on Mozilla's side is responsible for that...

Note: See TracTickets for help on using tickets.