Re: [tor-bugs] #23393 [Applications/Tor Browser]: All tabs often crash when closing one tab

["Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>]

#23393: All tabs often crash when closing one tab
-------------------------------------------------+-------------------------
 Reporter:  SaturnusDJ                           |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:
                                                 |  needs_review
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-e10s, tbb-crash,                 |  Actual Points:
  TorBrowserTeam201709R, GeorgKoppen201709       |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by mcs):

 * cc: brade, mcs (added)
 * status:  assigned => needs_review
 * keywords:  tbb-e10s, tbb-crash, TorBrowserTeam201709, GeorgKoppen201709
     => tbb-e10s, tbb-crash, TorBrowserTeam201709R, GeorgKoppen201709


Comment:

 I am not sure if there is just one underlying cause for this bug, but here
 is a fix for one scenario:
  https://gitweb.torproject.org/user/brade/tor-
 browser.git/commit/?h=bug23393-01

 The steps to reproduce are:
 1. Open https://www.google.com/ in a tab.
 2. Open https://developer.mozilla.org/samples/video/chroma-key/index.xhtml
 in a second tab.
 3. Click to play the video.
 4. After the canvas prompt is showing and while the video is still
 playing, close the tab.

 The developer.mozilla.org page tries repeatedly to extract canvas data,
 which means the canvas prompt codepath is being exercised over and over
 again, even while the tab is closing. This leads to an error in the
 main/parent process, after which it kills the content (child) process. I
 don't think this is exploitable from a security perspective, but it is
 disruptive if you have a few tabs open.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23393#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs