Disable FoxyProxy's proxy:// protocol handler
FoxyProxy adds the
Note: even if a user can be tricked into accepting such a re-configuration which would, e.g., disable proxying completely, our firewall would block deanonymization. However, the proxy settings could be changed to side-step our stream isolation, which isn't good.
See http://getfoxyproxy.org/developers/proxyprotocol.html for details.
Disable FoxyProxy's proxy:// protocol handler. (Closes: #7479)
FoxyProxy adds the proxy:// protocol handler, which can be used to
configure the proxy via a URI. A malicious webpage can include (or a
URI and disable or otherwise change Iceweasel's proxy settings.
While using this to disable proxying will be dealt with safely by our
firewall, this could be used to defeat stream isolation, although the
user must be tricked into accepting the new proxy settings.
#1 Updated by anonym over 5 years ago
- Status changed from Confirmed to In Progress
- Priority changed from Normal to Elevated
- Target version set to Tails_1.1
- % Done changed from 0 to 50
- QA Check set to Ready for QA
- Feature Branch set to feature/7479-disable-proxy-protocol-handler
Without the fix, visiting proxy://host=foo.com&port=1234 will prompt if the user wants to change the proxy settings. With the fix, nothing happens.
Bumping to "elevated" due to the stream isolation attack.
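A defensive check built on the URI form shown in this ticket, as an added example that is not part of the ticket or of the Tails code base: it scans HTML for any attribute value that uses the proxy:// scheme and parses its key=value pairs so a reviewer can see which proxy settings a page tries to set. The function and class names and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qsl

SCHEME = "proxy://"

# Constructed sample page; the proxy:// URI is the one quoted in the ticket.
SAMPLE_HTML = """
<a href="https://example.org/">ordinary link</a>
<a href="proxy://host=foo.com&amp;port=1234">click me</a>
<a HREF="  PROXY://host=foo.com&amp;port=1234 ">mixed case, padded</a>
"""


class ProxyUriFinder(HTMLParser):
    """Collect every attribute value that starts with the proxy:// scheme."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag/attribute names and unescapes values.
        for name, value in attrs:
            if not value:
                continue
            uri = value.strip()
            # URI schemes are case-insensitive, so compare in lowercase.
            if uri.lower().startswith(SCHEME):
                # Body has the form key=value&key=value, as in the ticket.
                body = uri[len(SCHEME):]
                params = dict(parse_qsl(body, keep_blank_values=True))
                self.findings.append(
                    {"tag": tag, "attr": name, "uri": uri, "params": params}
                )


def find_proxy_uris(html):
    """Return a list of findings for proxy:// URIs embedded in the HTML."""
    finder = ProxyUriFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for hit in find_proxy_uris(SAMPLE_HTML):
        print(f"<{hit['tag']} {hit['attr']}> {hit['uri']} -> {hit['params']}")
```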