[tor-bugs] #9881 [Firefox Patch Issues]: Javascript can create/resize windows to consume the entire desktop
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Apr 1 13:32:48 UTC 2014
#9881: Javascript can create/resize windows to consume the entire desktop
-------------------------------------+-------------------------------------
Reporter: mikeperry | Owner: mikeperry
Type: defect | Status: needs_review
Priority: major | Milestone:
Component: Firefox Patch | Version:
Issues | Keywords: tbb-fingerprinting,
Resolution: | tbb-testcase, GeorgKoppen201404R
Actual Points: | Parent ID:
Points: |
-------------------------------------+-------------------------------------
Comment (by gk):
Replying to [comment:6 cypherpunks]:
> >If valid popup then why it should be with different size, why need to
create yet one properties to identify users?
> Btw, it's hard to do anyway. Any valid popups will be rounded by
Torbutton anyway. Resizing possible with tricks and fraud only. Yet one
reason to disable resizing in general.
Looking at a bunch of Mozilla bugs (299424, 309251, 328492, 454779...) it
seems Mozilla got bitten by that change in the past. While I personally
agree with you that resizing the window after Torbutton rounded it
properly might be a sign of malicious behavior I may just surf the wrong
websites :) That said: What worries me more is disallowing the moving of
popup windows. That seems something to me that is not problematic from a
fingerprintability perspective, yet it would be forbidden with your patch
as kind of collateral damage. And here I can think of useful scenarios,
even if i am currently not aware of a site that moves its popups. I need
to think about it more and would like to get other opinions.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9881#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list