This month I worked on two tickets for the Browser Hacker Trial Contract. The first ticket, #9308 (https://trac.torproject.org/projects/tor/ticket/9308), reported a bug involving the leaking of the Tor Browser's install path on a user's private computer to any website deploying certain JavaScript code. I fixed this bug by writing a C++ patch for tor-browser.git that rewrote the leaked paths so that they no longer reveal private information. The patch was reviewed and included in the 3.6 Tor Browser release.
The second ticket, #10189 (https://trac.torproject.org/projects/tor/ticket/10819), proposed to add a pref in the Tor Browser that enables/disables the isolation of DOM storage data and cached images into silos per URL bar ("first-party") domain. I submitted a C++ patch implementing this pref for tor-browser.git. The patch is currently under review. Arthur Edelstein _______________________________________________ tor-reports mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-reports
