[tbb-bugs] #28374 [Applications/Tor Browser]: ensure RequestStorageId cannot be accessed remotely
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Nov 7 20:19:25 UTC 2018
#28374: ensure RequestStorageId cannot be accessed remotely
-------------------------------------+-------------------------------------
Reporter: mcs | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor | Version:
Browser | Keywords: tbb-
Severity: Normal | fingerprinting,ff60-esr
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
-------------------------------------+-------------------------------------
In https://bugzilla.mozilla.org/show_bug.cgi?id=1420836 (for Firefox 59),
Mozilla added a GMP API that appears to return a machine identifier (maybe
based on MAC address). Is there any chance this could be accessed by a
remote site and used as a unique fingerprint? Or do we disable enough of
EME/GMP code that this is not a concern?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28374>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list