Opened 7 years ago

Closed 7 years ago

#5296 closed defect (invalid)

Tor Browser Bundle leaks version info

Reported by: proper
Owned by: mikeperry
Priority: Medium
Milestone:
Component: Firefox Patch Issues
Version:
Severity:
Keywords:
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

https://svn.torproject.org/svn/check/trunk/cgi-bin/TorCheck.py includes "There is a security update available for the Tor Browser Bundle." I saw that message live already.

How can check.torproject.org find out the Tor Browser Bundle version? This is not documented.

If check.torproject.org can do it, can other websites get the information as well?

Change History (1)

comment:1 Changed 7 years ago by Sebastian

Resolution: invalid
Status: new → closed

TBB fetches a file from check which lists the versions, compares its own version against that, and if it needs an upgrade, fetches the special "there's an upgrade available" page from check. Check never gets to learn which version you were on before, and neither does another website.

Please stop using trac as a user support tool.
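
The update check described in comment:1, as an added JavaScript simulation that is not Tor Browser's or check.torproject.org's own code. The paths, the JSON list format and the version strings are constructed for illustration; the simulation records what a server sees from clients on different versions.

```javascript
// Constructed sample: the list every client downloads (format is an assumption).
const RECOMMENDED = ["2.2.35-8"];

// Hypothetical stand-in for the check server: records each path requested.
function makeServer() {
  const log = [];
  return {
    log,
    get(path) {
      log.push(path);
      if (path === "/recommended-versions") return JSON.stringify(RECOMMENDED);
      if (path === "/upgrade-notice") {
        return "There is a security update available for the Tor Browser Bundle.";
      }
      return "";
    },
  };
}

// Client side: the comparison happens locally. The local version string
// is never placed in a URL, header or body sent to the server.
function startupCheck(localVersion, server) {
  const recommended = JSON.parse(server.get("/recommended-versions"));
  if (recommended.includes(localVersion)) {
    return { upToDate: true, page: null };
  }
  // Outdated: fetch the same fixed notice page regardless of which version we run.
  return { upToDate: false, page: server.get("/upgrade-notice") };
}

// Run one client against a fresh server and return what the server saw.
function observedRequests(localVersion) {
  const server = makeServer();
  startupCheck(localVersion, server);
  return server.log;
}

// Two different outdated versions produce identical request sequences;
// a current client stops after the list fetch.
console.log(observedRequests("2.2.35-5"));
console.log(observedRequests("2.2.35-7"));
console.log(observedRequests("2.2.35-8"));
```
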