Opened 8 years ago

Closed 7 years ago

Last modified 21 months ago

#6734 closed defect (duplicate)

TBB-Firefox sends OS+kernel in update queries to Mozilla

Reported by: rransom Owned by: mikeperry
Priority: High Milestone:
Component: Firefox Patch Issues Version:
Severity: Keywords: tbb-fingerprinting, interview
Cc: g.koppen@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


‘echelon’ in #tor reports that TBB-Firefox sends the current OS and kernel version to

2012-08-30 01:23:48 <echelon>

This is at least an information leak, and more seriously, Firefox's ‘extension blocklist’ could be used to disable Torbutton (or other preconfigured extensions) in TBB-Firefox.

Child Tickets

Change History (6)

comment:1 Changed 8 years ago by gk

Cc: g.koppen@… added

comment:2 Changed 8 years ago by mikeperry

Priority: criticalmajor

Mozilla's half-assed cert pinning for a.m.o. should make this less of a threat. At any rate, we rely on that pinning for NoScript updates. Downgrading to 'major' for the info leak issues with the OS+Kernel version. Also, if I had to guess, that's probably the build host info, not your current info.

comment:3 in reply to:  2 Changed 8 years ago by cypherpunks


All list of connections without permissions:

comment:4 Changed 8 years ago by mikeperry

Keywords: tbb-fingerprinting interview added
Summary: TBB-Firefox sends extension blocklist queries to MozillaTBB-Firefox sends OS+kernel in update queries to Mozilla

I think that the OS+kernel leak is the more serious issue here. The blocklist concerns are a function of TLS cert pinning weaknesses..

comment:5 Changed 7 years ago by mikeperry

Resolution: duplicate
Status: newclosed

This is a dup of either #6735 or #3555, take your pick.

EDIT: #3555 seems actually to be the wrong ticket.

Last edited 21 months ago by gk (previous) (diff)

comment:6 Changed 21 months ago by skeletonchimp

I have posted about this here:

This issue remains. Can we please fix this?

Note: See TracTickets for help on using tickets.