This is an automated email from the git hooks/post-receive script.
pierov pushed a commit to branch tor-browser-102.4.0esr-12.0-1 in repository tor-browser.
commit a01b29d93482e6a0c57edef419eccfffb2f316e0 Author: Pier Angelo Vendrame pierov@torproject.org AuthorDate: Mon Sep 19 12:57:40 2022 +0200
Bug 41116: Normalize system fonts.
System fonts are an enormous fingerprinting vector. Even with font allow lists and with our custom configuration on Linux, which counter metrics measurements, getComputedStyle leaks several details. This patch counters both these kinds of attacks. --- widget/nsXPLookAndFeel.cpp | 11 +++++++++++ 1 file changed, 11 insertions(+)
diff --git a/widget/nsXPLookAndFeel.cpp b/widget/nsXPLookAndFeel.cpp index 3cc2c561dbc5..8791038a2a3f 100644 --- a/widget/nsXPLookAndFeel.cpp +++ b/widget/nsXPLookAndFeel.cpp @@ -1000,6 +1000,17 @@ widget::LookAndFeelFont nsXPLookAndFeel::StyleToLookAndFeelFont(
bool nsXPLookAndFeel::GetFontValue(FontID aID, nsString& aName, gfxFontStyle& aStyle) { + if (nsContentUtils::ShouldResistFingerprinting()) { +#ifdef XP_MACOSX + aName = u"-apple-system"_ns; +#else + aName = u"sans-serif"_ns; +#endif + aStyle = gfxFontStyle(); + aStyle.size = 12; + return true; + } + if (const LookAndFeelFont* cached = sFontCache.Get(aID)) { return LookAndFeelFontToStyle(*cached, aName, aStyle); }