commit e462f9d9eb505b5e724ec64a52280c70210cf5eb Author: Georg Koppen <gk@torproject.org> Date: Wed May 29 12:29:19 2019 +0000 Bug 30541: Disable WebGL readPixel() for web content --- dom/canvas/WebGLContextGL.cpp | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/dom/canvas/WebGLContextGL.cpp b/dom/canvas/WebGLContextGL.cpp index cab33ba626f2..2d4d9d8d16a4 100644 --- a/dom/canvas/WebGLContextGL.cpp +++ b/dom/canvas/WebGLContextGL.cpp @@ -1137,6 +1137,14 @@ bool WebGLContext::ReadPixels_SharedPrecheck(CallerType aCallerType, return false; } + // Security check passed, but don't let content readPixel calls through for + // now, if Resist Fingerprinting Mode is enabled. + if (nsContentUtils::ResistFingerprinting(aCallerType)) { + GenerateWarning("readPixels: Not allowed in Resist Fingerprinting Mode"); + out_error.Throw(NS_ERROR_DOM_NOT_SUPPORTED_ERR); + return false; + } + return true; }