Skip to content
GitLab
  • Menu
Projects Groups Snippets
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • T Tor Browser
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 1,003
    • Issues 1,003
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 3
    • Merge requests 3
  • Deployments
    • Deployments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • Repository
  • Wiki
    • Wiki
  • Activity
  • Graph
  • Create a new issue
  • Commits
  • Issue Boards
Collapse sidebar
  • The Tor Project
  • Applications
  • Tor Browser
  • Issues
  • #7561
Closed
Open
Created Nov 24, 2012 by Georg Koppen@gkDeveloper

Contents of FTP requests are cached and not isolated to the URL bar origin

Contents of FTP requests can get cached but are currently not isolated to the URL bar origin which contradicts the goal of section 3.5.2 of the Tor Browser design documentation. The relevant code is here: https://mxr.mozilla.org/mozilla-central/source/netwerk/protocol/ftp/nsFtpConnectionThread.cpp

There are two things to note:

  1. This caching is working a bit differently than the familiar HTTP caching. E.g. are there no E-Tags, no headers involved which makes a scalable exploitation much harder (that's the only reason why I think the prio is normal) IMO.

  2. Furthermore, only directory listings can get cached, not "normal" files like CSS or JS files loaded via FTP.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking