[tbb-bugs] #30683 [Applications/Tor Browser]: Properties in dom/locales/$lang/chrome/ allow detecting user locale
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed May 29 11:11:37 UTC 2019
#30683: Properties in dom/locales/$lang/chrome/ allow detecting user locale
-------------------------------------+-------------------------------------
Reporter: gk | Owner: tbb-team
Type: defect | Status: new
Priority: High | Milestone:
Component: Applications/Tor | Version:
Browser | Keywords: tbb-fingerprinting-
Severity: Normal | locale
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
-------------------------------------+-------------------------------------
z3t reported a bunch of issues on HackerOne regarding detection of user
locale with the help of `dom/locales/$lang/chrome/` properties. PoCs done
by z3t:
`dom/dom.properties`:
https://people.torproject.org/~gk/tests/tor_form_locale_leak.html
`layout/xmlparser.properties`:
https://people.torproject.org/~gk/tests/tor_domparser_locale_leak.html
`layout/MediaDocument.properties`:
https://people.torproject.org/~gk/tests/tor_image_locale_leak.html
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30683>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list