[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #7130 [Firefox Patch Issues]: Canvas image data is blocked from chrome callers

To: undisclosed-recipients:;
Subject: [tor-bugs] #7130 [Firefox Patch Issues]: Canvas image data is blocked from chrome callers
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Wed, 17 Oct 2012 08:48:12 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 17 Oct 2012 04:48:25 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#7130: Canvas image data is blocked from chrome callers
----------------------------------+-----------------------------------------
 Reporter:  mikeperry             |          Owner:  mikeperry
     Type:  defect                |         Status:  new      
 Priority:  normal                |      Milestone:           
Component:  Firefox Patch Issues  |        Version:           
 Keywords:                        |         Parent:           
   Points:                        |   Actualpoints:           
----------------------------------+-----------------------------------------
 Something about how Chrome callers (especially NoScript) can create
 canvases can leave them without any window or context for their owner
 document for ThirdPartyUtil::GetFirstPartyURI(). In #7128, we just hacked
 the GetFirstPartyURI call to return failure, which in turn should block
 permissions to the canvas.

 However, the ideal solution is probably to either check IsChrome() or
 otherwise find some way to exempt NoScript.

 It's possible that we break NoScript's ClearClick protections because of
 this issue.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7130>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #7130 [Firefox Patch Issues]: Canvas image data is blocked from chrome (such as NoScript's ClearClick) (was: Canvas image data is blocked from chrome callers)
  - From: Tor Bug Tracker & Wiki

Prev by Author: [tor-bugs] #7129 [Tor]: circuit_end_reason_to_control_string(): Bug: Unrecognized reason code 13
Next by Author: Re: [tor-bugs] #7128 [TorBrowserButton]: Tor Browser crashes when clicking on link
Previous by thread: Re: [tor-bugs] #7129 [Tor]: circuit_end_reason_to_control_string(): Bug: Unrecognized reason code 13
Next by thread: Re: [tor-bugs] #7130 [Firefox Patch Issues]: Canvas image data is blocked from chrome (such as NoScript's ClearClick) (was: Canvas image data is blocked from chrome callers)
Index(es):
- Author
- Thread