[tbb-bugs] #13543 [Tor Browser]: Tor Browser 4 loads external plugins

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Oct 23 04:05:31 UTC 2014


#13543: Tor Browser 4 loads external plugins
-----------------------------+--------------------------------
     Reporter:  cypherpunks  |      Owner:  tbb-team
         Type:  defect       |     Status:  new
     Priority:  normal       |  Milestone:
    Component:  Tor Browser  |    Version:
   Resolution:               |   Keywords:  tbb-fingerprinting
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+--------------------------------
Changes (by cypherpunks):

 * owner:   => tbb-team
 * keywords:   => tbb-fingerprinting
 * component:  - Select a component => Tor Browser


Comment:

 Firefox using several external media [https://mxr.mozilla.org/mozilla-
 esr31/source/content/media/DecoderTraits.cpp#361 engines] (GStreamer
 DirectShow WMF OMX Apple's_MP3), which used to playback media files even
 if browser plugins disabled. Some of them are proprietary software. Even
 if no interface for some of them to deanon users directly, it's still
 vector to exploit bugs, which can't be fixed by Tor Browser update.

 Yet, it's realistic way to fingerprint users, HTML5 allows to enumerate
 supported MIMEtypes/codecs. With simple feedback from `canPlayType` it's
 possible to detect platform and/or used OS version or used version of
 external engine, at least.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13543#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list