[tor-bugs] #7130 [Firefox Patch Issues]: Canvas image data is blocked from chrome callers
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Wed Oct 17 08:48:12 UTC 2012
#7130: Canvas image data is blocked from chrome callers
----------------------------------+-----------------------------------------
Reporter: mikeperry | Owner: mikeperry
Type: defect | Status: new
Priority: normal | Milestone:
Component: Firefox Patch Issues | Version:
Keywords: | Parent:
Points: | Actualpoints:
----------------------------------+-----------------------------------------
Something about how Chrome callers (especially NoScript) can create
canvases can leave them without any window or context for their owner
document for ThirdPartyUtil::GetFirstPartyURI(). In #7128, we just hacked
the GetFirstPartyURI call to return failure, which in turn should block
permissions to the canvas.
However, the ideal solution is probably to either check IsChrome() or
otherwise find some way to exempt NoScript.
It's possible that we break NoScript's ClearClick protections because of
this issue.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7130>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list