Re: [tor-talk] bug
On 9/12/2016 9:41 AM, xuzixatem@xxxxxxxxxxxxx wrote:
> https://www.browserleaks.com/firefox
> it can be used for both fingerprinting (different users use different OS setups or different Tor versions) and exploiting software vulnerabilities, because when attackers don't know your OS or browser version they don't know what payload can do the thing that, if used incorrectly, will show a download warning that compromises their valuable malware to citizenlab-like groups.
Using TBB, I looked at the link - browserleaks.com/firefox - with JS
disabled. This is the code that supposedly detects values in firefox.js
giving away the OS:
<script>
// Include firefox.js as a script through a resource:// URL.
// onload fires if the file loads (Firefox), onerror otherwise.
var include = function(load, err) {
    var el = document.createElement("script");
    el.type = "text/javascript";
    el.onload = load;
    el.onerror = err;
    document.head.appendChild(el);
    el.src = "resource:///defaults/preferences/firefox.js";
}

var pref,
    sticky_pref,
    os;

// firefox.js consists of pref(key, val) calls, so these page-defined
// functions receive every default it sets; three defaults differ per OS.
pref = sticky_pref = function(key, val) {
    if (!os)
        if (key == "browser.gesture.pinch.out" && val == "cmd_fullZoomEnlarge")
            os = "Windows";
        else if (key == "browser.backspace_action" && val == "2")
            os = "Linux";
        else if (key == "browser.gesture.pinch.threshold" && val == "150")
            os = "Mac";
}

include(function() {
    console.log( "OS: " + (os ? os : "unknown") );
},function() {
    console.log( "OS: n/a (not a Firefox)" );
});
</script>
The prefs & values the code is querying appear in about:config, as
would many firefox.js settings.
Question for devs / Firefox experts: many prefs are reported to sites
so they can display content, but are they allowed to access every
setting in about:config - default or user set?
This can't be correct. That would make users very unique.
Is this bug somehow supposed to allow only querying firefox.js values &
no other files? Why is that? If allowed access to firefox.js, why not
all firefox files?
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
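
Added example, not part of the original message and not browserleaks' code: a Node.js model of the mechanism in the quoted script, showing that the including page receives only what the included file passes to pref()/sticky_pref(). The file bodies, the user-pref object and the function names are constructed for illustration.

```javascript
// Constructed stand-ins for a shipped defaults file (not real firefox.js).
const SAMPLE_DEFAULTS = {
  windows: 'pref("browser.gesture.pinch.out", "cmd_fullZoomEnlarge");\n' +
           'pref("browser.startup.page", 1);',
  linux:   'pref("browser.backspace_action", 2);\n' +
           'pref("browser.startup.page", 1);',
  mac:     'pref("browser.gesture.pinch.threshold", 150);\n' +
           'sticky_pref("browser.startup.page", 1);',
};

// Constructed user-set value; it lives in the profile, not in the defaults
// file, so nothing below ever evaluates it.
const SAMPLE_USER_PREFS = { "browser.startup.page": 3 };

// The three key/value pairs tested by the code quoted in the post.
const OS_MARKERS = [
  ["browser.gesture.pinch.out", "cmd_fullZoomEnlarge", "Windows"],
  ["browser.backspace_action", "2", "Linux"],
  ["browser.gesture.pinch.threshold", "150", "Mac"],
];

// Run the file text as script with page-supplied pref()/sticky_pref(),
// the way the <script src="resource://..."> include does.
function collectDefaults(source) {
  const seen = new Map();
  const record = (key, val) => { if (!seen.has(key)) seen.set(key, val); };
  new Function("pref", "sticky_pref", source)(record, record);
  return seen;
}

function inferOS(seen) {
  for (const [key, val, os] of OS_MARKERS)
    if (seen.has(key) && String(seen.get(key)) === val) return os;
  return "unknown";
}

// What the including page learns, and which user-set values it does not see.
function exposureReport(source, userPrefs) {
  const seen = collectDefaults(source);
  const unseenUserValues = Object.keys(userPrefs)
    .filter((k) => seen.get(k) !== userPrefs[k]);
  return { os: inferOS(seen), keysSeen: [...seen.keys()], unseenUserValues };
}

console.log(exposureReport(SAMPLE_DEFAULTS.linux, SAMPLE_USER_PREFS));
```

In this model the report for the Linux sample lists two default keys and flags the user-set browser.startup.page value as unseen, because the included file only ever carries shipped defaults.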