[hackerone] block all external protocol handler requests in Tor tabs #4461
Labels: feature/tor/leakproofing (Eliminating unexpected ways that someone using Tor might be unmasked.), feature/tor, priority/P3 (The next thing for us to work on. It'll ride the trains.), QA/Test-Plan-Specified, QA/Yes
via https://hackerone.com/bugs?subject=brave&report_id=577956
Although opening external protocols triggers a confirmation box, users can be tricked into opening them anyway. Also, users who click 'yes' may not be aware that external protocols may leak their real IP.
For defense in depth, it is best to disable external protocols entirely in Tor mode. In b-l we had a whitelist of protocols for Tor mode: https://github.com/brave/browser-laptop/blob/0155c9ee2fb724fbd5e43c84b8f7e02d0e5b4cf1/app/filtering.js#L107. This should be straightforward to port. Note that the check for whitelisted request protocols must happen before the external protocol handler code runs.