[tbb-bugs] #24056 [Applications/Tor Browser]: UI locale is detectable by button width

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Oct 30 11:16:48 UTC 2017


#24056: UI locale is detectable by button width
------------------------------------------+--------------------------------
     Reporter:  gk                        |      Owner:  tbb-team
         Type:  defect                    |     Status:  new
     Priority:  High                      |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Major                     |   Keywords:  tbb-fingerprinting
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
------------------------------------------+--------------------------------
 We got a HackerOne report by xiaoyinl outlining steps to detect the UI
 locale of the browser despite the user not changing the `Accept` header:

 If one specifies a button `<input type="submit">` without a "value"
 property, the default text of the button depends on the UI language. And
 the resulting width of the button can be measured.

 We should not focus only on that particular button but should look more
 closely at whether other UI parts suffer from the same problem.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24056>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
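
An added example for the audit the ticket asks for (not part of the ticket or of Tor Browser's code): given rendered widths recorded by a tester per UI locale, it reports which controls split locales into distinguishable groups. The control names other than the submit button, the widths, and the `en-US` baseline are constructed assumptions.

```javascript
// Constructed sample: rendered widths in CSS px per UI locale, as a tester
// might record them from builds of each locale. All numbers are invented.
const SAMPLE_WIDTHS = {
  'input[type=submit] (no value)':  { 'en-US': 96, de: 118, fr: 104, ja: 72 },
  'input[type=reset] (no value)':   { 'en-US': 52, de: 98, fr: 98, ja: 66 },
  'button with page-supplied text': { 'en-US': 60, de: 60, fr: 60, ja: 60 },
};

// Group locales that render a control at the same width. Locales in one group
// cannot be told apart through this control; more than one group is a leak.
function partitionByWidth(widthsByLocale) {
  const groups = new Map();
  for (const [locale, width] of Object.entries(widthsByLocale)) {
    if (!Number.isFinite(width)) throw new TypeError(`bad width for ${locale}`);
    const key = Math.round(width * 100) / 100; // tolerate sub-pixel float noise
    if (!groups.has(key)) groups.set(key, []);
    groups.get(key).push(locale);
  }
  return [...groups.values()]
    .map((g) => g.sort())
    .sort((a, b) => a[0].localeCompare(b[0]));
}

// Shannon entropy in bits of the partition, assuming equally likely locales.
function leakedBits(groups) {
  const total = groups.reduce((n, g) => n + g.length, 0);
  return groups.reduce((h, g) => h - (g.length / total) * Math.log2(g.length / total), 0);
}

// One report row per control, worst leak first.
function auditControls(measurements, baseline = 'en-US') {
  return Object.entries(measurements)
    .map(([control, widths]) => {
      const groups = partitionByWidth(widths);
      return {
        control,
        leaks: groups.length > 1,
        bits: leakedBits(groups),
        // locales that look identical to the baseline through this control
        sameAsBaseline: groups.find((g) => g.includes(baseline)) || [],
        groups,
      };
    })
    .sort((a, b) => b.bits - a.bits);
}

for (const r of auditControls(SAMPLE_WIDTHS)) {
  console.log(`${r.leaks ? 'LEAK' : 'ok  '} ${r.bits.toFixed(2)} bits  ${r.control}`);
}
```

A control passes only when every locale lands in one group; partial overlaps, like the two locales sharing a width in the reset row, still leak.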