Skip to content

MacOS Sequoia 15.0.1 Tor Browser 14.0 Failing Improperly For Inaccessible Onion Links

From https://hackerone.com/reports/2804919.

I can't reproduce on Linux, and I don't have a recent macOS system to test, therefore /cc @dan @clairehurst

Looking at the logs and at the screenshots, though, it seems to be a Tor executable crash: @pierov , who else would you suggest to be CCed? Thanks!

Summary:

On MacOS Sequoia 15.0.1 the Tor Browser 14.0 crashes if you click on any inaccessible onion link.

Steps To Reproduce:

[add details for how we can reproduce the issue]

  1. On MacOS Sequoia 15.0.1, open Tor Browser 14.0
  2. Connect with no bridge
  3. Visit "https://daunt.link/"
  4. Click "Dread"
  5. Open both Dread onion links. One will fail and the browser will crash. @ 11:45 am MDT.
  6. NOTE - This is a specific example, but ANY inaccessible onion link will crash the browser.

Supporting Material/References:

Tor Browser Logs.

2024-10-25 17:38:41.042 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
2024-10-25 17:38:42.595 [NOTICE] Opening Socks listener on 127.0.0.1:9150
2024-10-25 17:38:42.596 [NOTICE] Opened Socks listener connection (ready) on 127.0.0.1:9150
2024-10-25 17:38:43.087 [NOTICE] Bootstrapped 5% (conn): Connecting to a relay
2024-10-25 17:38:43.202 [NOTICE] Bootstrapped 10% (conn_done): Connected to a relay
2024-10-25 17:38:43.362 [NOTICE] Bootstrapped 14% (handshake): Handshaking with a relay
2024-10-25 17:38:43.811 [NOTICE] Bootstrapped 15% (handshake_done): Handshake with a relay done
2024-10-25 17:38:43.812 [NOTICE] Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to build circuits
2024-10-25 17:38:43.813 [NOTICE] Bootstrapped 90% (ap_handshake_done): Handshake finished with a relay to build circuits
2024-10-25 17:38:43.813 [NOTICE] Bootstrapped 95% (circuit_create): Establishing a Tor circuit
2024-10-25 17:38:44.590 [NOTICE] Bootstrapped 100% (done): Done

Browser Console Logs (Dread Onion link)

SecurityLevel: Listening for messages from NoScript. SecurityLevel.sys.mjs:242:12
SecurityLevel: Initializing security-prefs.js SecurityLevel.sys.mjs:343:10
SecurityLevel: security-prefs.js initialization complete SecurityLevel.sys.mjs:377:10
TorConnect: Initial's run is done TorConnect.sys.mjs:169:19
TorConnect: Configuring's run is done TorConnect.sys.mjs:169:19
TorConnect: Bootstrapping's run is done TorConnect.sys.mjs:169:19
TorConnect: Bootstrapping 0% complete (starting) TorConnect.sys.mjs:924:17
TorConnect: Bootstrapping 5% complete (conn) TorConnect.sys.mjs:924:17
TorConnect: Bootstrapping 10% complete (conn_done) TorConnect.sys.mjs:924:17
TorConnect: Bootstrapping 14% complete (handshake) TorConnect.sys.mjs:924:17
TorConnect: Bootstrapping 15% complete (handshake_done) TorConnect.sys.mjs:924:17
TorConnect: Bootstrapping 75% complete (enough_dirinfo) TorConnect.sys.mjs:924:17
TorConnect: Bootstrapping 90% complete (ap_handshake_done) TorConnect.sys.mjs:924:17
TorConnect: Bootstrapping 95% complete (circuit_create) TorConnect.sys.mjs:924:17
TorConnect: Bootstrapping 100% complete (done) TorConnect.sys.mjs:924:17
TorConnect: Bootstrapped's run is done TorConnect.sys.mjs:169:19
TorProcess: The watched Tor process exited with code -9. TorProcess.sys.mjs:182:16
TorProcess: Tor exited suddenly. TorProcess.sys.mjs:198:12
InvalidStateError: JSWindowActorParent.sendAsyncMessage: JSWindowActorParent cannot send at the moment TorConnectParent.sys.mjs:139
    observe resource://gre/actors/TorConnectParent.sys.mjs:139
    _changeState resource://gre/modules/TorConnect.sys.mjs:914
    InterpretGeneratorResume self-hosted:1417
    AsyncFunctionNext self-hosted:804
    openPromptSync resource://gre/modules/Prompter.sys.mjs:1060
    confirmEx resource://gre/modules/Prompter.sys.mjs:1488
    confirmEx resource://gre/modules/Prompter.sys.mjs:302
    showConfirm resource://gre/modules/TorLauncherUtil.sys.mjs:365
    showRestartPrompt resource://gre/modules/TorLauncherUtil.sys.mjs:408
    #torExited resource://gre/modules/TorProviderBuilder.sys.mjs:179
    <anonymous> resource://gre/modules/TorProvider.sys.mjs:746
    #processExitedUnexpectedly resource://gre/modules/TorProcess.sys.mjs:199
    #watchProcess resource://gre/modules/TorProcess.sys.mjs:191
    InterpretGeneratorResume self-hosted:1417
    AsyncFunctionNext self-hosted:804
TorConnect: Configuring's run is done TorConnect.sys.mjs:169:19
Error: The control socket has been closed: onInputStreamReady called without available bytes. TorControlPort.sys.mjs:620:19
Error: Control port connection not available. 2 TorProvider.sys.mjs:122:13
  • [attachment / reference]

image

image

Edited by Pier Angelo Vendrame