[tbb-bugs] #24208 [Applications/Tor Browser]: Backport 1415488
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Nov 15 21:10:31 UTC 2017
#24208: Backport 1415488
-------------------------------------------------+-------------------------
Reporter: arthuredelstein | Owner: tbb-
| team
Type: defect | Status:
| needs_information
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-fingerprinting, | Actual Points:
TorBrowserTeam201711 |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by cypherpunks):
I do believe that ticket may not be filed correctly as it appears they are
reporting a ua leak with a preview build of ff 57. Fwiw I tested
win64/linux64 builds of ff 57. The linux build being
57.0+build4-0ubuntu0.16.04.5 from mozilla ppa as my distro did not provide
the upgrade option. I could not reproduce the bug by fiddling with
resistfingerprinting or http-proxy.
For TBB I checked 7.0.9, and 7.0.10 and could not reproduce the bug by
fiddling with resistfingerprinting or the ua override. Since TBB doesn't
use http-proxy I did not test that configuration. It's still interesting
to note Mozilla has had issues with resistfingerprinting overriding ua
before through transitory interaction with other components like dom. It
looks like *if* the ua override preference exists, it will currently have
the final word, and fortunately TBB makes it's presence mandatory.
In other words resistfingerprinting cannot currently set/unset the ua at
all in TBB, but that may only be because the ua override pref gets
priority and cannot be removed accidently. To be safe you could patch
resistfingerprinting such that if that priority ever gets confused it
cannot set a ua.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24208#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list