[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug-gnuzilla] Bug: Default bundled Tor™ Browser Button extension leaks
[Bug-gnuzilla] Bug: Default bundled Tor™ Browser Button extension leaks your IP over DNS requests in default configuration.
Thu, 6 Jun 2019 19:35:21 -0500
This is easy to test, setup the Tor Browser button with the default
configuration in Icecat and access a regular site, which should work.
However if you attempt to access a Tor hidden site the name does not
resolve. This demonstrates that the DNS requests are not going to the
Tor socks proxy like they should be. This can be fixed by setting
network.proxy.socks_remote_dns to true whenever the Tor Browser Button
is enabled, but that does not seem to be the default behavior.
I'm running the latest icecat version packaged for Parabola and the
output of icecat --version is GNU icecat 60.3.0
If solving this is not an easy fix it may be better to disable the
extension, since at the moment users are not secure and their DNS
requests for Tor go directly to their ISP or their local network which
could put them in danger.
- Turner Hall
- [Bug-gnuzilla] Bug: Default bundled Tor™ Browser Button extension leaks your IP over DNS requests in default configuration.,