[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #16874 [Tor Browser]: https://sports.yahoo.com/dailyfantasy is broken with Tor Browser 5.0 on Windows

Subject: Re: [tor-bugs] #16874 [Tor Browser]: https://sports.yahoo.com/dailyfantasy is broken with Tor Browser 5.0 on Windows
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 17 Sep 2015 03:30:44 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 16 Sep 2015 23:30:56 -0400
In-reply-to: <042.7237ac4bec8f2785dffad81caef9cc1b@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <042.7237ac4bec8f2785dffad81caef9cc1b@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#16874: https://sports.yahoo.com/dailyfantasy is broken with Tor Browser 5.0 on
Windows
-------------------------+-------------------------------------------------
     Reporter:  gk       |      Owner:  tbb-team
         Type:  defect   |     Status:  new
     Priority:  normal   |  Milestone:
    Component:  Tor      |    Version:
  Browser                |   Keywords:  tbb-usability-website,
   Resolution:           |  tbb-5.0-regression, TorBrowserTeam201509
Actual Points:           |  Parent ID:
       Points:           |
-------------------------+-------------------------------------------------

Comment (by mikeperry):

 I'm unfamiliar with the new Services.scriptloader.loadSubScript API, but
 looking it up, it seems common for people to use
 https://developer.mozilla.org/en-
 US/docs/Mozilla/Tech/XPCOM/Language_Bindings/Components.utils.Sandbox with
 it still, to cause the script to evaluate with content privileges..

 Are you sure that what you did with XPCNativeWrapper.unwrap() instead is
 safe there?

 There's two main sources of risk when doing stuff like this:
  1. Adding Intl.js from chrome could cause the Intl.js expandos to
 actually have chrome privileges inside the content window. This seems
 unlikely, but again I'm not sure.
  2. The polyfill itself may be running with chrome privs when installing
 itself, which means that if it touches an unwrapped window property, it
 may be induced to execute content code (in the form of a getter/setter,
 perhaps) that way, in a privileged setting.

 For some reason, I can't seem to find any documentation on either of these
 risks. Perhaps that's because this new API is magically safe no matter how
 you use it? Maybe this is a question for #security on irc.mozilla.org,
 and/or some testing?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16874#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #16874 [Tor Browser]: https://sports.yahoo.com/dailyfantasy is broken with Tor Browser 5.0 on Windows
Next by Author: Re: [tor-bugs] #16983 [Tor Browser]: Favicon requests not isolated if one opens the tab list dropdown
Previous by thread: Re: [tor-bugs] #16874 [Tor Browser]: https://sports.yahoo.com/dailyfantasy is broken with Tor Browser 5.0 on Windows
Next by thread: Re: [tor-bugs] #16874 [Tor Browser]: https://sports.yahoo.com/dailyfantasy is broken with Tor Browser 5.0 on Windows
Index(es):
- Author
- Thread