brmlab

User Tools

Site Tools

You are here: Hackerspace Prague » Projects » Spyzilla
project:spyzilla

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Next revisionBoth sides next revision
project:spyzilla [2021/02/10 19:07] – [Thunderbird] thunderbird sends attachment filenames, username and profile name to Google jendaproject:spyzilla [2021/02/11 04:07] – [Thunderbird] format: force wrap; link to source jenda
Line 207: Line 207:
 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.1 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.1
  
-{"type":"deletion-request","id":"XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXX","creationDate":"2021-02-10T18:55:32.926Z","version":4,"application":{"architecture":"x86-64","buildId":"20210203182138","name":"Thunderbird","version":"78.7.1","displayVersion":"78.7.1","vendor":"","platformVersion":"78.7.0","xpcomAbi":"x86_64-gcc3","channel":"default"},"payload":{"scalars":{}},"clientId":"XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX"}+{"type":"deletion-request","id":"XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXX","creationDate":"2021-02-10T18:55:32.926Z","version":4,"application": 
 +{"architecture":"x86-64","buildId":"20210203182138","name":"Thunderbird","version":"78.7.1","displayVersion":"78.7.1","vendor":"","platformVersion":"78.7.0","xpcomAbi":"x86_64-gcc3","channel":"default"}, 
 +"payload":{"scalars":{}},"clientId":"XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX"}
 </code> </code>
  
-When you open an attachment (tested with PDF), the following request is sent, leaking username, profile name and attachment filename (and probably more, I don't know what's in the binary data):+When you open an attachment (tested with PDF), the following request is sent, leaking username, profile nameattachment filename and attachment SHA-256 hash (as raw binary data in the middle):
  
 <code> <code>
Line 234: Line 236:
 000000f0  2e 70 64 66 50 00 5a 05  65 6e 2d 55 53           |.pdfP.Z.en-US| 000000f0  2e 70 64 66 50 00 5a 05  65 6e 2d 55 53           |.pdfP.Z.en-US|
 </code> </code>
-To disable this, remove browser.safebrowsing.downloads.remote.url in about:config.+To disable this, remove browser.safebrowsing.downloads.remote.url in about:config. [[https://searchfox.org/mozilla-central/source/toolkit/components/reputationservice/ApplicationReputation.cpp#1711|Link to source where this happens.]]
 ===== Firefox for Android ===== ===== Firefox for Android =====
  
project/spyzilla.txt · Last modified: 2022/12/24 16:23 by jenda