Skip to content

Tor Browser locale is leaked via title of link tag on non-html page

ryotak reported via our HackerOne bug bounty program that the Tor Browser locale is leaked via the title of the link tag on any non-html page.

For a test ryotak came up with see: https://people.torproject.org/~gk/tests/tor_plaintext_locale_leak.html.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information