Opened 6 years ago

Last modified 2 years ago

#9924 new defect

Firefox bug - TBB queries the A record of the hostname of the machine it is running on.

Reported by: cypherpunks Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-firefox-patch, tbb-proxy-bypass
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

When Firefox starts, it does a DNS query for the A record of the hostname of the machine it is running on.

If that hostname resolves to a public IP address, then Firefox will have information that could be used to deanonymize the user, and it is unclear what Firefox is doing with that information or why it needs to collect it.

This query is not done via Tor, it uses the system resolver, even when using TBB. This was discovered by configuring BIND to log queries and running tail -f on the query log while starting TBB Firefox and regular Firefox, which each exhibit this behavior shortly after starting.

Some quick google searching seems to indicate that I am not the only person who has noticed this. Many people seem to have trouble getting Firefox to start if their machine's hostname does not resolve. I found one bug in the Mozilla bug tracker (sorry, I can't find it back again to note the number), where someone was complaining of exactly this, but the response was a denial that the behavior was happening.

This should be looked into and it should be confirmed that nothing nefarious or negligent is being done with the result of that DNS query.

Child Tickets

Change History (8)

comment:1 Changed 6 years ago by mikeperry

What OS and desktop are you running?

The fact that this is bypassing the Firefox proxy settings and DNS service (which we disable) makes me think it is actually a desktop component that is doing the resoltion (possibly on Firefox's behalf).

comment:2 Changed 5 years ago by erinn

Keywords: tbb-firefox-patch added

comment:3 Changed 5 years ago by erinn

Component: Firefox Patch IssuesTor Browser
Owner: changed from mikeperry to tbb-team

comment:4 Changed 3 years ago by bugzilla

Keywords: tbb-proxy-bypass added
Severity: Normal
Summary: Firefox queries the A record of the hostname of the machine it is running on.Firefox bug - TBB queries the A record of the hostname of the machine it is running on.

HIPS detects that TBB (firefox.exe) uses RPC / DNS Client Service on Windows during initialization. Probably, for that.

comment:5 Changed 3 years ago by gk

Status: newneeds_information

cypherpunks: Is that still an issue? If so, do you have logs (pcaps) for that? A couple of days ago I checked Tor Browser start-up on a Windows machine and no DNS resolution outside of Tor showed up

comment:6 in reply to:  5 ; Changed 2 years ago by cypherpunks

Status: needs_informationnew

Replying to gk:

cypherpunks: Is that still an issue? If so, do you have logs (pcaps) for that? A couple of days ago I checked Tor Browser start-up on a Windows machine and no DNS resolution outside of Tor showed up

It was done by DNS Client service, and Tor Browser got it through IPC from the DNS Client cache.

comment:7 in reply to:  6 Changed 2 years ago by gk

Status: newneeds_information

Replying to cypherpunks:

Replying to gk:

cypherpunks: Is that still an issue? If so, do you have logs (pcaps) for that? A couple of days ago I checked Tor Browser start-up on a Windows machine and no DNS resolution outside of Tor showed up

It was done by DNS Client service, and Tor Browser got it through IPC from the DNS Client cache.

Do you have steps to reproduce that behavior? That would allow us to figure out what is going on and whether we need to fix that behavior.

comment:8 Changed 2 years ago by cypherpunks

Status: needs_informationnew

Tor Browser does this during every startup. You can disable DNS Client service to make Tor Browser do DNS requests instead of IPC calls. (But it is blocked by your defenses though.)

Last edited 2 years ago by cypherpunks (previous) (diff)
Note: See TracTickets for help on using tickets.