Opened 8 years ago

Last modified 6 months ago

#8558 assigned task

Re-verify app-launching defenses on Windows

Reported by: mikeperry Owned by: tbb-team
Priority: High Milestone:
Component: Applications/Quality Assurance and Testing Version:
Severity: Normal Keywords: tbb-rebase-regression
Cc: runa, gk Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


Rsnake claims that some stuff he did 3 years ago still works on TBB. We certainly fixed the two vectors he mentioned (itms and smb) with Torbutton, but it is possible that one or more random things have been broken/undone by FF17. We should retest as many of them as we can, especially on Windows. Especially since Rsnake seems insistent on being as unhelpful as possible :/. Gotta love timewasters....

Most decloaking attacks are based on plugins, which are disabled by a Firefox patch and also by Firefox settings, but the following two attacks should be retested:

  1. "When the iTunes is installed, it registers the itms:// protocol handler. This protocol handler will open iTunes and do a direct connection to the specified URL. There are some restrictions on the URL you can pass, but we found a nice way around them :-)"
  1. "When Microsoft Office is installed and configured to automatically open documents, a file can be returned which automatically downloads an image from the internet. This can bypass proxy settings and expose the real DNS servers of the user."

Unfortunately, is now down, so the exact itms url it used is unavailable (unless the source is still around somewhere).

Also, this test should be verified on Windows:

I think the .NET assistant addon might need to be explicitly installed these days. It used to auto-install with some piece of .NET but then Mozilla blacklisted it. They may have removed the blacklist, though...

Also, we should try some SMB urls on windows. Native Firefox SMB handling appears to be unimplemented still, but it may be possible to shove something in the registry that enables an external handler:

Such external handlers *should* still be blocked by Torbutton, though. They certainly are on MacOS and Linux...

Child Tickets

Change History (4)

comment:1 Changed 8 years ago by mikeperry

Cc: gk added

comment:2 Changed 8 years ago by mikeperry

It probably actually doesn't matter what format of itms url we use. I think that decloak paragraph is referring to creating specially crafted URLs for iTunes to open *after* it has already launched. If we block the launch still, we should be all good.

comment:3 Changed 5 years ago by bugzilla

Owner: changed from cypherpunks to boklm
Severity: Normal
Status: newassigned

What's about the current rebasing?
Is this ticket for Tor Browser component or QA?

comment:4 Changed 6 months ago by gaba

Owner: changed from boklm to tbb-team

Release all this tickets back into tbb-team.

Note: See TracTickets for help on using tickets.