[tor-bugs] #2819 [Torbutton]: Fix JS Hooks in FF4 using new JS 1.8.5 features
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Wed Apr 6 07:10:57 UTC 2011
#2819: Fix JS Hooks in FF4 using new JS 1.8.5 features
----------------------------------------+-----------------------------------
Reporter: gk | Owner: mikeperry
Type: defect | Status: new
Priority: critical | Milestone:
Component: Torbutton | Version:
Keywords: MikePerryIteration20110417 | Parent:
Points: 4 | Actualpoints:
----------------------------------------+-----------------------------------
Comment(by mikeperry):
Damnit. You're right. It looks like Firefox totally missed the point of
these new ES5 features by allowing Components.lookupMethod to bypass them.
I wonder when this changed. It totally seems like Heiderich was planning
on relying on the fact that Components.lookupMethod could not bypass these
protections. There goes his thrown room...
Also, to make things extra fun, you cannot override
Components.lookupMethod itself, as it is set as non-configurable!
I suppose we can just make Components.lookupMethod configurable in our
fork of Firefox, and then use this to remove it. We also want to remove
Components.interfaces, because all that does is let you fingerprint which
Firefox version you have. But guess what: Components.interfaces is also
not configurable..
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2819#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list