[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #9308 [Firefox Patch Issues]: JavaScript's BrowserFeedWriter() leaks installation paths on OS X and Windows
#9308: JavaScript's BrowserFeedWriter() leaks installation paths on OS X and
Windows
-------------------------------------+-------------------------------------
Reporter: cypherpunks | Owner: mikeperry
Type: defect | Status: needs_review
Priority: critical | Milestone:
Component: Firefox Patch | Version:
Issues | Keywords: tbb-fingerprinting,
Resolution: | tbb-easy, interview,
Actual Points: | GeorgKoppen201404R
Points: | Parent ID:
-------------------------------------+-------------------------------------
Comment (by arthuredelstein):
Replying to [comment:17 gk]:
> Okay, interesting Mozilla folks are doubting that this is a cross-
compile issue (see my filed bug). So, you might want to chime in there and
explain why they are wrong. :)
:) I've written a comment:
https://bugzilla.mozilla.org/show_bug.cgi?id=991522#c5
> That said, the BrowserFeedWriter thing will be fixed in ESR 31
(https://bugzilla.mozilla.org/show_bug.cgi?id=983845). Not sure about the
other test you made. I did not get it to run.
Sorry about that, I mistyped the other example in the comment. It's fixed
now. Try entering
`window.sidebar.addSearchEngine("http://", "http://", null, null);`
in the web console of Tor Browser on Mac or Windows.
I can imagine there are other exceptions that may cause privacy leaks in
the same way, when the startup cache is not precompiled. I think it could
be quite challenging to find every privacy leak of this type. So it's
probably best for TBB get the precompilation step to work on the cross-
compiled targets. So I'm going to try to take the approach you suggested,
of borrowing the native xpcshell from the linux build and providing it to
the Mac and Windows builds.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9308#comment:18>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs