Closed
Bug 1433507
Opened 3 years ago
Closed 2 years ago
GIO protocols can leak the user's IP
Categories
(Core :: Networking, enhancement, P5)
Core
Networking
Tracking
()
RESOLVED
FIXED
mozilla60
| Tracking | Status | |
|---|---|---|
| firefox60 | --- | fixed |
People
(Reporter: arthur, Assigned: arthur)
References
(Blocks 1 open bug)
Details
(Whiteboard: [tor 23044][necko-triaged])
Attachments
(1 file)
|
1.49 KB,
patch
|
mayhemer
:
review+
|
Details | Diff | Splinter Review |
GIO is a potential proxy bypass vector. In Tor Browser we have the following patch: https://torpat.ch/23044 And the ticket is: https://trac.torproject.org/23044 We'd like to propose uplifting the C++ part of this patch, behind the --enable-proxy-bypass-protection build flag.
|
||
Comment 1•3 years ago
|
||
Feel free to submit a patch for review here.
Assignee: nobody → arthuredelstein
Priority: -- → P5
Whiteboard: [tor 23044] → [tor 23044][necko-triaged]
|
Assignee | |
Comment 2•3 years ago
|
||
Attachment #8948837 -
Flags: review?(honzab.moz)
|
|
||
Comment 3•2 years ago
|
||
Comment on attachment 8948837 [details] [diff] [review] 0001-Bug-1433507-Forbid-GIO-supported-protocols-by-defaul.patch Review of attachment 8948837 [details] [diff] [review]: ----------------------------------------------------------------- pending on how MOZ_PROXY_BYPASS_PROTECTION def is implemented, this OK for me.
Attachment #8948837 -
Flags: review?(honzab.moz) → review+
|
|
Assignee | |
Comment 4•2 years ago
|
||
Thanks. Here's the current implementation. Does this look OK to you? https://dxr.mozilla.org/mozilla-central/rev/0ac953fcddf10132eaecdb753d72b2ba5a43c32a/toolkit/moz.configure#1215
Flags: needinfo?(honzab.moz)
Pushed by dluca@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/848c2234cb27 Forbid GIO supported protocols by default with --proxy-bypass-protection r=mayhemer
Keywords: checkin-needed
|
||
Comment 8•2 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/848c2234cb27
Status: NEW → RESOLVED
Closed: 2 years ago
status-firefox60:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla60
You need to log in
before you can comment on or make changes to this bug.
Description
•