[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #7130 [Firefox Patch Issues]: Canvas image data is blocked from chrome callers
#7130: Canvas image data is blocked from chrome callers
----------------------------------+-----------------------------------------
Reporter: mikeperry | Owner: mikeperry
Type: defect | Status: new
Priority: normal | Milestone:
Component: Firefox Patch Issues | Version:
Keywords: | Parent:
Points: | Actualpoints:
----------------------------------+-----------------------------------------
Something about how Chrome callers (especially NoScript) can create
canvases can leave them without any window or context for their owner
document for ThirdPartyUtil::GetFirstPartyURI(). In #7128, we just hacked
the GetFirstPartyURI call to return failure, which in turn should block
permissions to the canvas.
However, the ideal solution is probably to either check IsChrome() or
otherwise find some way to exempt NoScript.
It's possible that we break NoScript's ClearClick protections because of
this issue.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7130>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs