[tbb-bugs] #13543 [Tor Browser]: Tor Browser 4 loads external plugins
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Oct 23 04:05:31 UTC 2014
#13543: Tor Browser 4 loads external plugins
-----------------------------+--------------------------------
Reporter: cypherpunks | Owner: tbb-team
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor Browser | Version:
Resolution: | Keywords: tbb-fingerprinting
Actual Points: | Parent ID:
Points: |
-----------------------------+--------------------------------
Changes (by cypherpunks):
* owner: => tbb-team
* keywords: => tbb-fingerprinting
* component: - Select a component => Tor Browser
Comment:
Firefox using several external media [https://mxr.mozilla.org/mozilla-
esr31/source/content/media/DecoderTraits.cpp#361 engines] (GStreamer
DirectShow WMF OMX Apple's_MP3), which used to playback media files even
if browser plugins disabled. Some of them are proprietary software. Even
if no interface for some of them to deanon users directly, it's still
vector to exploit bugs, which can't be fixed by Tor Browser update.
Yet, it's realistic way to fingerprint users, HTML5 allows to enumerate
supported MIMEtypes/codecs. With simple feedback from `canPlayType` it's
possible to detect platform and/or used OS version or used version of
external engine, at least.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13543#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list