[tbb-bugs] #13019 [Tor Browser]: New locale fingerprinting capabilities in FF31ESR

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Oct 10 23:30:36 UTC 2014

#13019: New locale fingerprinting capabilities in FF31ESR
     Reporter:           |      Owner:  tbb-team
  mikeperry              |     Status:  needs_review
         Type:  defect   |  Milestone:
     Priority:  major    |    Version:
    Component:  Tor      |   Keywords:  ff31-esr, tbb-fingerprinting,
  Browser                |  MikePerry201409R, TorBrowserTeam201410
   Resolution:           |  Parent ID:
Actual Points:           |
       Points:           |

Comment (by arthuredelstein):

 Replying to [comment:9 mikeperry]:
 > Ok. Is there a reason why there is a 5926+ branch in your repo, but not
 this patch? I was looking at that branch for a while, and it seemed to fix
 these problems but did not use the RegisterCallback/UnregisterCallback, as
 the attachment does.

 Sorry for the confusion -- this was an old branch.

 > I'm a little nervous about the use of free() to free stuff allocated
 with the JS-runtime allocators. They appear to all boil down to the same
 js_free right now, but that may change? Not sure if we should put this as
 an XXX, or what. The JS_Free() calls do not seem to match JS_Strdup used
 by JS_GetDefaultLocale, in that they don't take a JSRuntime as an

 I've updated the patch to use the JS_free() call instead. You're right
 that it doesn't match, but I think it's OK to use nullptr for the
 JSContext here.

 > We also still need to set this new pref in the Torbutton code that sets
 extensions.torbutton.spoof_*, too.

 I've added a patch for torbutton that does this.

 (Please see two patches attached today, 2014-10-10.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13019#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list