[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #11333 [Tor Browser]: Audit requestAnimationFrame() and possible timing attacks

Subject: Re: [tor-bugs] #11333 [Tor Browser]: Audit requestAnimationFrame() and possible timing attacks
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Wed, 10 Dec 2014 11:59:17 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 10 Dec 2014 06:59:29 -0500
In-reply-to: <042.69ed5d6e8859c50a6ccc07adf0395b41@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <042.69ed5d6e8859c50a6ccc07adf0395b41@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#11333: Audit requestAnimationFrame() and possible timing attacks
-----------------------------+-------------------------------
     Reporter:  gk           |      Owner:  tbb-team
         Type:  task         |     Status:  new
     Priority:  major        |  Milestone:
    Component:  Tor Browser  |    Version:
   Resolution:               |   Keywords:  tbb-firefox-patch
Actual Points:               |  Parent ID:  #3059
       Points:               |
-----------------------------+-------------------------------

Comment (by gk):

 Replying to [comment:1 gk]:
 > The SVG filter attack got fixed in Fx22
 (https://bugzilla.mozilla.org/show_bug.cgi?id=711043) and testing the PoC
 for the link repainting attack to extract browsing history
 (https://bugzilla.mozilla.org/show_bug.cgi?id=884270) indicates it does
 not work against TBB based on ESR24.

 Well, that was wrong the PoC works both against Tor Browser based on ESR24
 and ESR31 provided one is leaving private browsing mode.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11333#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #11335 [Stem]: Tests for example scripts
Next by Author: Re: [tor-bugs] #13797 [Tor Browser]: building tor-browser.git on Mac (non-cross-compiled) is broken
Previous by thread: Re: [tor-bugs] #11333 [Tor Browser]: Audit requestAnimationFrame() and possible timing attacks
Next by thread: Re: [tor-bugs] #10570 [Tor Browser]: allow PDF.js to access canvas (without warning dialog)
Index(es):
- Author
- Thread