[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #9308 [Firefox Patch Issues]: JavaScript's BrowserFeedWriter() leaks installation paths on OS X and Windows
#9308: JavaScript's BrowserFeedWriter() leaks installation paths on OS X and
Windows
-------------------------------------+-------------------------------------
Reporter: cypherpunks | Owner: mikeperry
Type: defect | Status: needs_review
Priority: critical | Milestone:
Component: Firefox Patch | Version:
Issues | Keywords: tbb-fingerprinting,
Resolution: | tbb-easy, interview,
Actual Points: | GeorgKoppen201404R
Points: | Parent ID:
-------------------------------------+-------------------------------------
Comment (by arthuredelstein):
I've added a new patch that fixes the original vulnerability reported in
this ticket (BrowserFeedWriter). Because the patch,
âhttps://hg.mozilla.org/mozilla-central/rev/e9ea1662020a, requires a
number of previous patches, a full backport would be rather complex. But
we can get a workable fix simply by imitating the patch's removal of a
single line. Deleting this line excises the BrowserFeedWriter constructor
from the global JavaScript "window" API. Without the BrowserFeedWriter
constructor, the privacy-leaking JS exception is no longer triggerable.
I have opened a separate ticket, #11433, reporting the sidebar bug.
Unfortunately the sidebar bug requires a more complex backport. I have a
second, unrelated bug I need to work on, so I'll postpone fixing the
sidebar issue until after that.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9308#comment:23>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs