Opened 6 years ago

Last modified 17 months ago

#8213 new defect

spoof history.length - browser.sessionhistory.max_entries

Reported by: proper Owned by: tbb-team
Priority: Low Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-linkability, tbb-torbutton
Cc: g.koppen@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

ip-check.info demonstrated, history.length can be read.

They recommend:

The number of visited pages should be reset to 2 whenever you change to a new domain.

Open about:config and set browser.sessionhistory.max_entries to 2.

What about doing this with TorButton?

Child Tickets

Change History (4)

comment:1 Changed 6 years ago by gk

Cc: g.koppen@… added

Setting "browser.sessionhistory.max_entries" to "2" is not worth the usability issues, I think (wearing a user hat). There should be a smarter approach.

comment:2 Changed 6 years ago by mikeperry

Keywords: tbb-linkability added
Priority: normalminor

At best this is a minor cross-origin linkability issue.

comment:3 Changed 5 years ago by erinn

Component: TorBrowserButtonTor Browser
Keywords: tbb-torbutton added
Owner: changed from mikeperry to tbb-team

comment:4 Changed 17 months ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"

Note: See TracTickets for help on using tickets.