The Tor Browser's AppArmor confinement can be bypassed via "Recently Used" files
Originally created by @anonym on #9048 (Redmine)
Steps to reproduce:
- Make GNOME aware of some recently used file, e.g. create a document
in Gedit and save it in
$HOME
or anywhere the Tor Browser shouldn’t be allowed in - Go to some website where you can upload files (the original bug reporter used http://pomf.se)
- In the File Upload dialog, go to Recently Used and select the file (hovering over it will display its full path, indicating that it indeed is outside of the directories the Tor Browser should be allowed to look into)
- Verify that the actual data was uploaded
- Ouch!
Reported by whitanne on #tails.