[tbb-bugs] #26605 [Applications/Tor Browser]: investigate window.requestIdleCallback() for possible timing leaks

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Apr 26 07:30:44 UTC 2019

#26605: investigate window.requestIdleCallback() for possible timing leaks
 Reporter:  mcs                                  |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:  closed
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:  fixed
 Keywords:  tbb-fingerprinting-time-highres,     |  Actual Points:
  ff60-esr, TorBrowserTeam201904                 |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:

Comment (by gk):

 A thing to think about. While we don't have ServiceWorkers yet I wonder
 whether the following assumption would still hold
 // If there's no window, we're in a system scope, and can just use
 // a high-resolution TimeStamp::Now();
 auto timestamp = TimeStamp::Now() - TimeStamp::ProcessCreation();
 return std::max(mDeadline - timestamp.ToMilliseconds(), 0.0);
 and whether the direct use of `TimeStamp::Now()` would be an issue here.
 However, looking at the implementation in
 https://bugzilla.mozilla.org/show_bug.cgi?id=1404652 this does indeed be
 only exposed to the system context. Thus, we should be fine here.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26605#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list