Tor Browser can access tmp, all directories.
Originally created by @uipwer on #9766 (Redmine)
When you do not choose to download the file, but to open the file,
Tor Browser allows you to browse whole file system structure,
including home directory, recently used files, tmp and so on.
- Is this safe?
- Why allow Tor Browser to see all of it?
- Can you assure everyone this will never be exploitable?
Screenshot proving it.
Or try it yourself. Choose to open the file, and in this case, with the verifying
key, you can browse all your files on the system.
Why not force the user to be able to browse only the Tor Browser directory while ‘opening’, in this case, the verifying key? Logic would say that ALL files accessible by Tor Browser should be (and probably every user knows it) in the Tor Browser directory.
Related to: AppArmor profiles, or maybe Tor Browser itself.