[tbb-bugs] #26605 [Applications/Tor Browser]: investigate window.requestIdleCallback() for possible timing leaks
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Apr 26 07:30:44 UTC 2019
#26605: investigate window.requestIdleCallback() for possible timing leaks
-------------------------------------------------+-------------------------
Reporter: mcs | Owner: tbb-
| team
Type: defect | Status: closed
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution: fixed
Keywords: tbb-fingerprinting-time-highres, | Actual Points:
ff60-esr, TorBrowserTeam201904 |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by gk):
A thing to think about. While we don't have ServiceWorkers yet I wonder
whether the following assumption would still hold
{{{
// If there's no window, we're in a system scope, and can just use
// a high-resolution TimeStamp::Now();
auto timestamp = TimeStamp::Now() - TimeStamp::ProcessCreation();
return std::max(mDeadline - timestamp.ToMilliseconds(), 0.0);
}}}
and whether the direct use of `TimeStamp::Now()` would be an issue here.
However, looking at the implementation in
https://bugzilla.mozilla.org/show_bug.cgi?id=1404652 this does indeed be
only exposed to the system context. Thus, we should be fine here.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26605#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list