Skip to content
This repository has been archived by the owner on Dec 11, 2019. It is now read-only.

[hackerone] file:// URL issue #14664

Closed
diracdeltas opened this issue Jul 5, 2018 · 2 comments · Fixed by #14665
Closed

[hackerone] file:// URL issue #14664

diracdeltas opened this issue Jul 5, 2018 · 2 comments · Fixed by #14665
Assignees
@diracdeltas @riastradh-brave
Labels
feature/tor QA/checked-Linux QA/checked-macOS QA/checked-Win64 QA/test-plan-specified release/blocking release-notes/include security tor/leakproofing Plugging leaks of user-identifying information like IP address that Tor mode should conceal
Milestone
0.23.x Release 3 ...

Comments

@diracdeltas
Copy link
Member

diracdeltas commented Jul 5, 2018
edited
Loading

https://hackerone.com/bugs?subject=brave&report_id=377618&

test plan:

  1. open tor tab
  2. go to a file:// URL that exists on your system
  3. nothing should happen
  4. open regular tab, try step 2
  5. the file should open now
@diracdeltas diracdeltas added security feature/tor tor/leakproofing Plugging leaks of user-identifying information like IP address that Tor mode should conceal labels Jul 5, 2018
@diracdeltas
Copy link
Member Author

discussed in slack. desired fix is to block all protocols in tor tabs except a whitelist.

diracdeltas added a commit that referenced this issue Jul 5, 2018
@diracdeltas
Only allow whitelisted protocols to load in tor tabs
9759cc3 
fix #14664
@diracdeltas diracdeltas mentioned this issue Jul 5, 2018
Merged
10 tasks
diracdeltas added a commit that referenced this issue Jul 6, 2018
@diracdeltas
Only allow whitelisted protocols to load in tor tabs
2e345b0 
fix #14664
This was referenced Jul 10, 2018
Closed
Closed
Closed
@LaurenWags
Copy link
Member

LaurenWags commented Jul 10, 2018
edited by GeetaSarvadnya
Loading

Verified with macOS 10.12.6 using

  • 0.23.32 1d1df96
  • Muon 7.1.5
  • libchromiumcontent 67.0.3396.103

screen shot 2018-07-10 at 10 11 19 am

Verified on Windows x64 with

  • 0.23.32 1d1df96
  • Muon 7.1.5
  • libchromiumcontent 67.0.3396.103
    Note: Only shows the above message when I try to paste in the URL on Tor tab.

Verified on Ubutnu 17.10 x64

  • 0.23.32 1d1df96
  • Muon 7.1.5
  • libchromiumcontent 67.0.3396.103

Verified on Windows x64 with
• 0.23.34 a471718
• Muon 7.1.6
• libchromiumcontent 67.0.3396.103

Verified on Windows x64 with
• 0.23.37 47b1b59
• Muon 7.1.6
• libchromiumcontent 67.0.3396.103

@kjozwiak kjozwiak mentioned this issue Jul 17, 2018
Closed
@bsclifton bsclifton mentioned this issue Aug 14, 2018
Closed
@jumde jumde mentioned this issue Oct 1, 2018
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@diracdeltas diracdeltas

@riastradh-brave riastradh-brave

Labels
feature/tor QA/checked-Linux QA/checked-macOS QA/checked-Win64 QA/test-plan-specified release/blocking release-notes/include security tor/leakproofing Plugging leaks of user-identifying information like IP address that Tor mode should conceal
Projects
None yet
Milestone
0.23.x Release 3 (Release Channel)
Development

Successfully merging a pull request may close this issue.

Only allow whitelisted protocols to load in tor tabs brave/browser-laptop
6 participants
@diracdeltas @bsclifton @srirambv @LaurenWags @riastradh-brave @btlechowski