Re: [tor-bugs] #2819 [Torbutton]: Fix JS Hooks in FF4 using new JS 1.8.5 features
#2819: Fix JS Hooks in FF4 using new JS 1.8.5 features
----------------------------------------+-----------------------------------
Reporter: gk | Owner: mikeperry
Type: defect | Status: new
Priority: critical | Milestone:
Component: Torbutton | Version:
Keywords: MikePerryIteration20110417 | Parent:
Points: 4 | Actualpoints:
----------------------------------------+-----------------------------------
Comment(by gk):
Replying to [comment:8 mikeperry]:
> Damnit. You're right. It looks like Firefox totally missed the point of
> these new ES5 features by allowing Components.lookupMethod to bypass them.
> I wonder when this changed. It totally seems like Heiderich was planning
> on relying on the fact that Components.lookupMethod could not bypass these
> protections. There goes his throne room...

Indeed, but reading the spec there is actually nothing that prevents
things like Components.lookupMethod if the configurable flag is set to
false. Thus, I doubt that Mozilla is to blame in this case.

> Also, to make things extra fun, you cannot override
> Components.lookupMethod itself, as it is set as non-configurable!

I almost thought that.

> I suppose we can just make Components.lookupMethod configurable in our
> fork of Firefox, and then use this to remove it. We also want to remove
> Components.interfaces, because all that does is let you fingerprint which
> Firefox version you have. But guess what: Components.interfaces is also
> not configurable..

That sounds interesting. Do you need a hand here? We certainly have
interest in this kind of project as well but not the means to do it alone.

There is another issue I have found. It seems possible under certain
circumstances to unhook things if one produces errors during sandbox
evaluation. For instance, yesterday I got a lot of errors like "Torbutton
Exception in sandbox evaluation. Date hooks not applied: syntax error"
while trying to break the hooks somehow. And indeed, at least the
innerWidth and innerHeight have been unhooked just because of that
(unfortunately I did not test all the other hooked properties and
objects). BUT, I have not had luck to produce that behavior again, let
alone reliably. Are these errors and their danger a known issue? It seems
there is some kind of race condition involved, dunno. Guess I have to dig
deeper into the hooking code...

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2819#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
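
An added example, not part of the original message and not Torbutton code: it shows why a non-configurable hook only locks the property slot while the original getter stays reachable by another lookup path (here a prototype getter stands in for what the thread reports about Components.lookupMethod), and how an audit catches both that and a hook that silently failed to apply. The names makeWindow, installHooks, auditHooks and all values are constructed for illustration; it runs in plain JavaScript without Firefox.

```javascript
// Constructed stand-in for a browser window: the real values live in
// getters on the prototype, the way native accessors do.
function makeWindow() {
  const proto = {};
  Object.defineProperty(proto, 'innerWidth', { get() { return 1337; }, configurable: true });
  Object.defineProperty(proto, 'innerHeight', { get() { return 911; }, configurable: true });
  return Object.create(proto);
}

// Install each hook as a non-configurable own property. A hook that fails
// is recorded instead of swallowed, so the caller can fail closed.
function installHooks(win, hooks) {
  const failed = [];
  for (const [name, getter] of Object.entries(hooks)) {
    try {
      if (typeof getter !== 'function') throw new TypeError('hook is not a function');
      Object.defineProperty(win, name, { get: getter, configurable: false });
    } catch (e) {
      failed.push(name);
    }
  }
  return failed;
}

// Audit every name that is supposed to be hooked: is the own property
// locked, and is an original getter still reachable up the prototype chain?
function auditHooks(win, names) {
  return names.map((name) => {
    const own = Object.getOwnPropertyDescriptor(win, name);
    const locked = !!own && own.configurable === false;
    let original = null;
    for (let p = Object.getPrototypeOf(win); p && !original; p = Object.getPrototypeOf(p)) {
      const d = Object.getOwnPropertyDescriptor(p, name);
      if (d && typeof d.get === 'function') original = d.get;
    }
    return { name, locked, originalReachable: original !== null,
             leakedValue: original ? original.call(win) : undefined };
  });
}

const win = makeWindow();
const failed = installHooks(win, {
  innerWidth: () => 1000,  // spoofed value
  innerHeight: null,       // constructed failure: a hook that did not evaluate
});
const report = auditHooks(win, ['innerWidth', 'innerHeight']);
console.log(failed, report);
```

The audit reports innerWidth as locked yet still leaking the real value through the prototype getter, and innerHeight as not hooked at all, which is the fail-open state the message describes after a sandbox evaluation error.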