Opened 4 years ago

Last modified 3 years ago

#8706 new defect

.recently-used.xbel contains filenames if browser stored them to disk

Reported by: runa
Owned by: tbb-team
Priority: Medium
Milestone:
Component: Applications/Tor Browser
Version:
Severity:
Keywords: backport-to-mozilla, tbb-disk-leak, tbb-firefox-patch
Cc: runa, starlight.2015q1@…
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

A forensic analysis of the Tor Browser Bundle on Debian Linux (#8166) showed that the file ~/.recently-used.xbel contains the filename of the Tor Browser Bundle tarball: tor-browser-gnu-linux-x86_64-2.3.25-5-dev-en-US.tar.gz, as well as the time and date it was added, modified, and visited.

Child Tickets

Change History (4)

comment:1 Changed 3 years ago by cypherpunks

Component: changed from Tor bundles/installation to Firefox Patch Issues
Keywords: backport-to-mozilla tbb-disk-leak added
Owner: changed from erinn to mikeperry
Summary: changed from ".recently-used.xbel contains TBB filename (Debian Linux)" to ".recently-used.xbel contains filenames if browser stored them to disk"

A forensic analysis of the Tor Browser Bundle on Debian Linux (#8166) showed that the file ~/.recently-used.xbel contains the filename of the Tor Browser Bundle tarball: tor-browser-gnu-linux-x86_64-2.3.25-5-dev-en-US.tar.gz, as well as the time and date it was added, modified, and visited.

This item was saved not by the Tor Browser process but by the download manager or whatever was used to save the bundle to disk. You can't prevent this item from appearing through Tor Browser intervention if it doesn't exist yet.

But this file contains Tor Browser's stuff too, when the user saves any files to disk, including HTML pages.
Look at Midori, it prevents unwanted stuff. Firefox in private mode should prevent that stuff too. If not, then Tor Browser needs to be patched separately.

comment:2 Changed 3 years ago by erinn

Keywords: tbb-firefox-patch added

comment:3 Changed 3 years ago by erinn

Component: changed from Firefox Patch Issues to Tor Browser
Owner: changed from mikeperry to tbb-team

comment:4 Changed 3 years ago by starlight

Cc: starlight.2015q1@… added
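
To check what a recently-used.xbel file records, as described in the ticket description and comment:1, the following added example (not part of the ticket or of Tor Browser) parses the XBEL bookmarks and lists each path with its added, modified and visited timestamps and the applications that registered it. The sample input is constructed: only the tarball name comes from the ticket, while the second entry, the timestamps, the application names and the function names are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import unquote, urlparse

# Namespace GTK uses for the per-application records inside each bookmark.
BOOKMARK_NS = "http://www.freedesktop.org/standards/desktop-bookmarks"

# Constructed sample: the tarball name is the one from the ticket; the second
# entry, all timestamps and the application names are invented.
SAMPLE_XBEL = """
<xbel version="1.0" xmlns:bookmark="http://www.freedesktop.org/standards/desktop-bookmarks">
  <bookmark href="file:///home/user/tor-browser-gnu-linux-x86_64-2.3.25-5-dev-en-US.tar.gz"
            added="2013-04-01T10:00:00Z" modified="2013-04-01T10:00:05Z" visited="2013-04-01T10:00:05Z">
    <info><metadata owner="http://freedesktop.org"><bookmark:applications>
      <bookmark:application name="Downloader" exec="'downloader %u'" modified="2013-04-01T10:00:05Z" count="1"/>
    </bookmark:applications></metadata></info>
  </bookmark>
  <bookmark href="file:///home/user/saved%20page.html"
            added="2013-04-02T09:30:00Z" modified="2013-04-02T09:30:00Z" visited="2013-04-02T09:30:00Z">
    <info><metadata owner="http://freedesktop.org"><bookmark:applications>
      <bookmark:application name="Browser" exec="'browser %u'" modified="2013-04-02T09:30:00Z" count="1"/>
    </bookmark:applications></metadata></info>
  </bookmark>
</xbel>
"""

def list_entries(xbel_text):
    """Return one dict per <bookmark>: decoded path, timestamps, registering apps."""
    entries = []
    for bm in ET.fromstring(xbel_text).iter("bookmark"):
        apps = [a.get("name", "") for a in bm.iter("{%s}application" % BOOKMARK_NS)]
        entries.append({
            "path": unquote(urlparse(bm.get("href", "")).path),
            "added": bm.get("added"),
            "modified": bm.get("modified"),
            "visited": bm.get("visited"),
            "apps": apps,
        })
    return entries

def entries_matching(xbel_text, needle):
    """Entries whose path or registering application contains needle (case-insensitive)."""
    needle = needle.lower()
    return [e for e in list_entries(xbel_text)
            if needle in e["path"].lower() or any(needle in a.lower() for a in e["apps"])]

if __name__ == "__main__":
    for e in list_entries(SAMPLE_XBEL):
        print(e["path"], e["added"], e["modified"], e["visited"], ",".join(e["apps"]))
```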