Opened 3 months ago

Closed 3 weeks ago

Last modified 2 weeks ago

#31065 closed defect (fixed)

Set network.proxy.allow_hijacking_localhost to true

Reported by: acat Owned by: tbb-team
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: ff68-esr, tbb-9.0-must-alpha, TorBrowserTeam201909R
Cc: Actual Points: 0.05
Parent ID: Points: 0.25
Reviewer: Sponsor: Sponsor44-can

Description

https://bugzilla.mozilla.org/1507110 disables proxying localhost even when network.proxy.no_proxies_on is empty. We now need to also set allow_hijacking_localhost=true in order to avoid websites being able to access local network.

Child Tickets

Change History (8)

comment:1 Changed 7 weeks ago by pili

Sponsor: Sponsor44-can

Adding Sponsor 44 to ESR68 tickets

comment:2 Changed 3 weeks ago by gk

Keywords: tbb-9.0-must-alpha added

comment:3 Changed 3 weeks ago by pili

Points: 0.25

comment:5 Changed 3 weeks ago by acat

Status: newneeds_review

comment:6 Changed 3 weeks ago by gk

Looks good. I cherry-picked the patch to tor-browser-68.1.0esr-9.0-2 (commit 5b5b014217a2df562ea4551ae68d0bc267cedf97).

FWIW: I was pondering removing the network.proxy.no_proxies_on now that it's by default set to "". However, I thought we might want to leave it in as a defense-in-depth.

comment:7 Changed 3 weeks ago by gk

Keywords: TorBrowserTeam201909R added
Resolution: fixed
Status: needs_reviewclosed

comment:8 Changed 2 weeks ago by acat

Actual Points: 0.05
Note: See TracTickets for help on using tickets.