Opened 4 months ago

Closed 3 weeks ago

#30657 closed defect (fixed)

Tor Browser locale is leaked via title of link tag on non-html page

Reported by: gk Owned by: tbb-team
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-fingerprinting-locale, ff68-esr-will-have
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor: Sponsor44-can

Description (last modified by gk)

ryotak reported via our HackerOne bug bounty program that the Tor Browser locale is leaked via the title of the link tag on any non-html page.

For a test ryotak came up with see: https://people.torproject.org/~gk/tests/tor_plaintext_locale_leak.html.

Child Tickets

Change History (6)

comment:1 Changed 4 months ago by gk

Description: modified (diff)
Summary: Tor Browser locale is leaked via title of link tag on 404 error pageTor Browser locale is leaked via title of link tag on non-html page

comment:2 Changed 4 months ago by Thorin

FWIW: this behavior (or at least the PoC) stopped working as of FF68+, so you should be good to go in the next ESR cycle. It returns a blank.

Last edited 4 months ago by Thorin (previous) (diff)

comment:3 in reply to:  2 Changed 4 months ago by gk

Keywords: ff68-esr-will-have added

Replying to Thorin:

FWIW: this behavior (or at least the PoC) stopped working as of FF68+, so you should be good to go in the next ESR cycle. It returns a blank.

Interesting, I wonder what bugfix on Mozilla's side is responsible for that...

comment:4 Changed 2 months ago by Thorin

The error is 68+ is

Security Error: Content at https://people.torproject.org/~gk/tests/test.txt may not load or link to resource://content-accessible/plaintext.css.

If I'm following this correctly:

However, the last bugzilla is css, enhancement: and I wouldn't be surprised if it got reverted again. IDK, I just want to make sure that's it's a permanent [edit: and full] solution

Last edited 2 months ago by Thorin (previous) (diff)

comment:5 Changed 7 weeks ago by pili

Sponsor: Sponsor44-can

Adding Sponsor 44 to ESR68 tickets

comment:6 Changed 3 weeks ago by gk

Resolution: fixed
Status: newclosed

9.0a6, which is about to get built, is based on ESR 68, so closing.

Note: See TracTickets for help on using tickets.