[tbb-bugs] #18560 [Applications/Tor Browser]: WEBGL_debug_renderer_info extension may leak information about graphics driver

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Apr 29 00:00:10 UTC 2017

#18560: WEBGL_debug_renderer_info extension may leak information about graphics
 Reporter:  gk                                   |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:
                                                 |  needs_review
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  ff52-esr, tbb-fingerprinting,        |  Actual Points:
  tbb-7.0-must-alpha                             |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:  None
Changes (by arthuredelstein):

 * status:  new => needs_review


 In 52ESR, this extension [https://dxr.mozilla.org/mozilla-
 remains disabled] in Beta and Release channels.

 Moreover, in Tor Browser, we [https://gitweb.torproject.org/tor-
 browser-52.1.0esr-7.0-2#n112 have] `pref("webgl.disable-extensions",
 true)`, which means that all webgl extensions are disabled (including

 To be extra sure, I manually confirmed in TBB 7.0a3 that entering
 in a content JS console returns an empty array.

 We could postpone this ticket again to ff59-esr, but as long as we are
 disabling all extensions, I think the conclusion will be the same. Setting
 to needs_review to see if my colleagues want to keep this ticket open.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18560#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list