Opened 3 months ago

Last modified 3 months ago

#31035 needs_information defect

Tor leaking info?

Reported by: TorUser777 Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

I was using Tor 8.5.3 with windows 10, and I also had a Mozilla Firefox window open in addition to Tor. Tor security level was set to "safest".

In Mozilla Fireox, I had just done a search for a word using DuckDuckgo, and that word was still populated in that firefox search window.

When i clicked on an unrelated link using Tor to a "Matrix" download page, I noticed that my search term that I had left in the duckduckgo search window in Mozilla Firefox, was now written in the bottom of my Tor Browser window, below the Matrix item I had clicked on.

How did this cross-application leak occur between regular Firefox and TOR? The Matrix link was totally unrelated to any results of my duckduckgo search in Firefox.

Child Tickets

Change History (2)

comment:1 Changed 3 months ago by nickm

Component: - Select a componentApplications/Tor Browser
Owner: set to tbb-team

comment:2 Changed 3 months ago by gk

Status: newneeds_information

Hm. Is this behavior reproducible? E.g. with different search terms? Could you add a screenshot explaining what "was now written in the bottom of my Tor Browser window, below the Matrix item I had clicked on" means?

In theory both instances should not influence each other although the risk is high that one puts an item of one into the other leaking sensitive information.

Note: See TracTickets for help on using tickets.