Pier Angelo Vendrame pushed to branch base-browser-115.9.1esr-13.0-1 at The Tor Project / Applications / Tor Browser
Commits: 5c690113 by Pier Angelo Vendrame at 2024-04-08T12:51:54+02:00 fixup! Firefox preference overrides.
Bug 41676: Set privacy.resistFingerprinting.testing.setTZtoUTC as a defense-in-depth.
We will have to revert this during the ESR-transition.
- - - - - d1e8e6ba by Pier Angelo Vendrame at 2024-04-08T12:51:55+02:00 Bug 42428: Make RFP spoof the timezone of document.lastModified.
- - - - - a975b00f by Pier Angelo Vendrame at 2024-04-08T12:51:56+02:00 Bug 42472: Spoof timezone in XSLT.
- - - - -
3 changed files:
- browser/app/profile/001-base-profile.js - dom/base/Document.cpp - dom/xslt/xslt/txEXSLTFunctions.cpp
Changes:
===================================== browser/app/profile/001-base-profile.js ===================================== @@ -397,6 +397,9 @@ pref("browser.display.use_system_colors", false); // Enforce non-native widget theme (true by default, defense in depth). // Provides a uniform look and feel across platforms. Added with tor-browser#41496. pref("widget.non-native-theme.enabled", true); +// tor-browser#41676: Set the TZ environment variable as a defense-in-depth. +// TODO: Remove this in ESR-128, as it has been removed in 116 with Bug 1837582. +pref("privacy.resistFingerprinting.testing.setTZtoUTC", true);
// tor-browser#41943: lock and revisit after it gets flipped to true in stable Firefox pref("javascript.options.spectre.disable_for_isolated_content", false, locked);
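Review bot: The TODO on the added `privacy.resistFingerprinting.testing.setTZtoUTC` pref ties its removal to the ESR-128 rebase, but not to the condition that makes removal safe: no code path may still format local time without consulting RFP. This same push patches two such paths (`dom/base/Document.cpp` and `dom/xslt/xslt/txEXSLTFunctions.cpp`), so others may remain. I would extend the comment with something like `// Before removing, audit the remaining PR_LocalTimeParameters users for RFP handling.` so the backstop is not dropped silently during the transition.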
===================================== dom/base/Document.cpp ===================================== @@ -4103,10 +4103,11 @@ void Document::SetDocumentURI(nsIURI* aURI) { } }
-static void GetFormattedTimeString(PRTime aTime, +static void GetFormattedTimeString(PRTime aTime, bool aUniversal, nsAString& aFormattedTimeString) { PRExplodedTime prtime; - PR_ExplodeTime(aTime, PR_LocalTimeParameters, &prtime); + PR_ExplodeTime(aTime, aUniversal ? PR_GMTParameters : PR_LocalTimeParameters, + &prtime); // "MM/DD/YYYY hh:mm:ss" char formatedTime[24]; if (SprintfLiteral(formatedTime, "%02d/%02d/%04d %02d:%02d:%02d", @@ -4124,7 +4125,9 @@ void Document::GetLastModified(nsAString& aLastModified) const { if (!mLastModified.IsEmpty()) { aLastModified.Assign(mLastModified); } else { - GetFormattedTimeString(PR_Now(), aLastModified); + GetFormattedTimeString(PR_Now(), + ShouldResistFingerprinting(RFPTarget::Unknown), + aLastModified); } }
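Review bot: The new `aUniversal` parameter of `GetFormattedTimeString` is undocumented, and a bare bool at the call sites does not say which timezone is chosen or why. A short comment above the function would help, e.g. `// aUniversal: explode aTime in GMT instead of the local timezone, so the string does not reveal the UTC offset.` The `MM/DD/YYYY hh:mm:ss` format carries no zone designator, so the comment should also say that callers pick the zone from the document's RFP state. The function body continues past the end of this hunk.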
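Review bot: `ShouldResistFingerprinting(RFPTarget::Unknown)` in `GetLastModified` gates timezone spoofing on the catch-all target rather than a timezone-specific one. The same argument is used in the `RetrieveRelevantHeaders` hunk and in `txEXSLTFunctionCall::evaluate`. If this branch's `RFPTarget` enum has a value covering timezone spoofing, using it at all three call sites would keep them consistent with whatever gates the rest of the timezone protection. If it does not, a comment such as `// No timezone-specific RFPTarget on this branch; revisit on rebase.` would record why `Unknown` is used.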
@@ -11053,7 +11056,8 @@ void Document::RetrieveRelevantHeaders(nsIChannel* aChannel) {
mLastModified.Truncate(); if (modDate != 0) { - GetFormattedTimeString(modDate, mLastModified); + GetFormattedTimeString( + modDate, ShouldResistFingerprinting(RFPTarget::Unknown), mLastModified); } }
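Review bot: The RFP decision in `RetrieveRelevantHeaders` is baked into `mLastModified` when the headers are read, and `GetLastModified` later returns that cached string without re-checking. If `ShouldResistFingerprinting` can give a different answer here than at read time (for instance if the document's RFP state is settled later in the load, which is not visible in this hunk), the cached value would expose local time. It is worth confirming the ordering and recording it next to the call, e.g. `// RFP state must be final here: the formatted string is cached in mLastModified.` The enclosing function starts and ends outside this hunk.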
===================================== dom/xslt/xslt/txEXSLTFunctions.cpp ===================================== @@ -591,7 +591,14 @@ nsresult txEXSLTFunctionCall::evaluate(txIEvalContext* aContext, // http://exslt.org/date/functions/date-time/
PRExplodedTime prtime; - PR_ExplodeTime(PR_Now(), PR_LocalTimeParameters, &prtime); + PR_ExplodeTime( + PR_Now(), + // We are not allowed to access the Document when evaluating this, so + // fall back to the general function. + nsContentUtils::ShouldResistFingerprinting(RFPTarget::Unknown) + ? PR_GMTParameters + : PR_LocalTimeParameters, + &prtime);
int32_t offset = (prtime.tm_params.tp_gmt_offset + prtime.tm_params.tp_dst_offset) /
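Review bot: The context-free `nsContentUtils::ShouldResistFingerprinting(RFPTarget::Unknown)` cannot take per-document RFP state into account, so the EXSLT `date-time` result may disagree with `document.lastModified` for the same document. The in-line comment explains why the Document is unavailable but not this consequence, so I would add it there. I would also hoist the condition out of the argument list: `const bool useUTC = nsContentUtils::ShouldResistFingerprinting(RFPTarget::Unknown);` followed by `PR_ExplodeTime(PR_Now(), useUTC ? PR_GMTParameters : PR_LocalTimeParameters, &prtime);`. `evaluate` starts and ends outside this hunk.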