TBB proxy bypass: Some DNS requests not going through Tor
Observed behaviour:
When visiting certain websites, for example "http://bitcoincharts.com", with JavaScript enabled, a DNS request for the domain is made without going through Tor. This website is the only one I know of there it happens. This is when running the latest Tor Browser Bundle, properly verified against the gpg signature.
Enabling NoScript to block all JavaScript seems to make the DNS request go away. This was verified by restarting Tor and then disabling JavaScript before visiting the site.
Expected behaviour:
No DNS request should be made through the normal internet, everything should go through Tor. The DNS requests leak information of which sites you are browsing in your Tor Browser.
How to reproduce:
- Download and verify "tor-browser-gnu-linux-i686-2.2.35-10-dev-en-US.tar.gz"
- Start up Wireshark to monitor your network, optionally filtering for "dns"
- Unpack Tor and start it by running the "start-tor-browser" script
- Once TorBrowser is open, go to "http://bitcoincharts.com/"
- See DNS request for "bitcoincharts.com" being logged in Wireshark
System information:
Tor Browser Bundle for 32-bit Linux, version 2.2.35-10 Running on Fedora 16
Other:
This is not the first time some rarely triggered bug in Firefox causes Tor to be bypassed, and certainly will not be the last one. Since these bugs have a very high security impact I propose they are guarded against. How about running Firefox inside some kind of firewall that drops all network packets not going to Tor?