[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #9308 [Firefox Patch Issues]: JavaScript's BrowserFeedWriter() leaks installation paths on OS X and Windows
#9308: JavaScript's BrowserFeedWriter() leaks installation paths on OS X and
Windows
-------------------------------------+-------------------------------------
Reporter: cypherpunks | Owner: mikeperry
Type: defect | Status: needs_review
Priority: critical | Milestone:
Component: Firefox Patch | Version:
Issues | Keywords: tbb-fingerprinting,
Resolution: | tbb-easy, interview,
Actual Points: | GeorgKoppen201404R
Points: | Parent ID:
-------------------------------------+-------------------------------------
Comment (by gk):
Replying to [comment:18 arthuredelstein]:
> Replying to [comment:17 gk]:
> > Okay, interesting Mozilla folks are doubting that this is a cross-
compile issue (see my filed bug). So, you might want to chime in there and
explain why they are wrong. :)
>
> :) I've written a comment:
https://bugzilla.mozilla.org/show_bug.cgi?id=991522#c5
>
> > That said, the BrowserFeedWriter thing will be fixed in ESR 31
(https://bugzilla.mozilla.org/show_bug.cgi?id=983845). Not sure about the
other test you made. I did not get it to run.
> Sorry about that, I mistyped the other example in the comment. It's
fixed now. Try entering
> `window.sidebar.addSearchEngine("http://";, "http://";, null, null);`
> in the web console of Tor Browser on Mac or Windows.
That is fixed on mozilla-central as well, yes!! I've not found the
corresponding bug though, yet. So, strictly speaking we could think about
closing this bug now. :) And maybe look at backporting those patches. Not
sure how difficult this is going to be. Maybe they've fixed those leaks in
a more generic way?
> I can imagine there are other exceptions that may cause privacy leaks in
the same way, when the startup cache is not precompiled. I think it could
be quite challenging to find every privacy leak of this type. So it's
probably best for TBB to have the precompilation step to work on the
cross-compiled targets. I'm going to try to take the approach you
suggested, of borrowing the native xpcshell from the linux build and
providing it to the Mac and Windows builds.
The major drawback of this approach is that users can't build Mac or
Windows bundles anymore without compiling the Tor Browser for Linux as
well (and, alas, they'd need both the 32bit and 64bit one)...
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9308#comment:19>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs