Open Bug 1900648 Opened 8 months ago Updated 8 months ago

XSLT error messages can leak browser UI language

Tracking

()

Status:

ASSIGNED

People

(Reporter: ma1, Assigned: manuel)

References

(Blocks 1 open bug)

Details

(Whiteboard: [tor 42288][fingerprinting])

Attachments

(1 file)

Bug 1900648 - Allow language spoofing in status messages r=#platform-i18n-reviewers 8 months ago Manuel Bucher [:manuel] 48 bytes, text/x-phabricator-request		Details \| Review

Giorgio Maone [:ma1]

Reporter

Description

•

8 months ago

This is https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42288 in Tor Browser.

Actual browser UI locale can be inferred by examining the error message for a failed XSLT.

POC: https://people.torproject.org/~ma1/pbugs/42288/poc/

Peter Van der Beken [:peterv]

Updated

•

8 months ago

Severity: -- → S3

Component: DOM: Core & HTML → XSLT

Manuel Bucher [:manuel]

Assignee

Comment 1

•

8 months ago

Attached file Bug 1900648 - Allow language spoofing in status messages r=#platform-i18n-reviewers — Details

Originally Tor 42288: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42288

Phabricator Automation

Updated

•

8 months ago

Assignee: nobody → manuel

Status: NEW → ASSIGNED

You need to log in before you can comment on or make changes to this bug.

Bugzilla

XSLT error messages can leak browser UI language

Categories

(Core :: XSLT, defect)

Tracking

()

People

(Reporter: ma1, Assigned: manuel)

References

(Blocks 1 open bug)

Details

(Whiteboard: [tor 42288][fingerprinting])

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Updated

Comment 1

Updated

Attachment

General

Description

File Name

Content Type