[tor-bugs] #13326 [Tor Browser]: Tor Browser improperly handles Javascript screen properties

["Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>]

#13326: Tor Browser improperly handles Javascript screen properties
-------------------------+-----------------------------------------------
 Reporter:  vizzdoom     |          Owner:  tbb-team
     Type:  defect       |         Status:  new
 Priority:  normal       |      Milestone:  TorBrowserBundle 2.3.x-stable
Component:  Tor Browser  |        Version:
 Keywords:               |  Actual Points:
Parent ID:               |         Points:
-------------------------+-----------------------------------------------
 Tor Browser improperly handles some Javascript properties.

 {{{screen.height}}} and {{{screen.width}}} are returning
 {{{window.innerHeight}}} and {{{window.innerWidth}}} values.

 It can be used eg. to enumerate Tor Browser globally and ofc. it can break
 some scripts on particular pages.

 Retro steps:
 1) Open Tor Browser
 2) Don't maximize browser window, enable js (if disabled)
 3) Load a web page
 4) Go to Javascript console
 5) Type screen.height
 6) You will see the window height instead of the screen height (eg. 500
 instead of 1080 px in full hd).

 Tested on:
 Tor Browser Bundle 3.6.6 (Firefox ESR 24.8.1) - OS X and Windows 64 bit
 version

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13326>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs