Opened 7 months ago

Closed 5 months ago

Last modified 7 weeks ago

#31065 closed defect (fixed)

Set network.proxy.allow_hijacking_localhost to true

Reported by: acat Owned by: tbb-team
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: ff68-esr, tbb-9.0-must-alpha, TorBrowserTeam201909R, BugSmashFund
Cc: Actual Points: 0.05
Parent ID: Points: 0.25
Reviewer: Sponsor:

Description disables proxying localhost even when network.proxy.no_proxies_on is empty. We now need to also set allow_hijacking_localhost=true in order to avoid websites being able to access local network.

Child Tickets

Change History (10)

comment:1 Changed 6 months ago by pili

Sponsor: Sponsor44-can

Adding Sponsor 44 to ESR68 tickets

comment:2 Changed 5 months ago by gk

Keywords: tbb-9.0-must-alpha added

comment:3 Changed 5 months ago by pili

Points: 0.25

comment:5 Changed 5 months ago by acat

Status: newneeds_review

comment:6 Changed 5 months ago by gk

Looks good. I cherry-picked the patch to tor-browser-68.1.0esr-9.0-2 (commit 5b5b014217a2df562ea4551ae68d0bc267cedf97).

FWIW: I was pondering removing the network.proxy.no_proxies_on now that it's by default set to "". However, I thought we might want to leave it in as a defense-in-depth.

comment:7 Changed 5 months ago by gk

Keywords: TorBrowserTeam201909R added
Resolution: fixed
Status: needs_reviewclosed

comment:8 Changed 4 months ago by acat

Actual Points: 0.05

comment:9 Changed 7 weeks ago by pili

Keywords: BugSmashFund added

BugSmashFund can be used for the ESR work done so far

comment:10 Changed 7 weeks ago by pili

Sponsor: Sponsor44-can

Sponsor 44 only covered PM and Team Lead work

Note: See TracTickets for help on using tickets.