[tor-bugs] #9308 [Firefox Patch Issues]: JavaScript's BrowserFeedWriter() leaks installation paths on OS X and Windows

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Apr 3 19:50:27 UTC 2014


#9308: JavaScript's BrowserFeedWriter() leaks installation paths on OS X and
Windows
-------------------------------------+-------------------------------------
     Reporter:  cypherpunks          |      Owner:  mikeperry
         Type:  defect               |     Status:  needs_review
     Priority:  critical             |  Milestone:
    Component:  Firefox Patch Issues |    Version:
   Resolution:                       |   Keywords:  tbb-fingerprinting,
Actual Points:                       |              tbb-easy, interview,
       Points:                       |              GeorgKoppen201404R
                                     |  Parent ID:
-------------------------------------+-------------------------------------

Comment (by arthuredelstein):

 Replying to [comment:19 gk]:
 > Replying to [comment:18 arthuredelstein]:
 > > Replying to [comment:17 gk]:
 > > Sorry about that, I mistyped the other example in the comment. It's
 > > fixed now. Try entering
 > > `window.sidebar.addSearchEngine("http://", "http://", null, null);`
 > > in the web console of Tor Browser on Mac or Windows.
 >
 > That is fixed on mozilla-central as well, yes!! I've not found the
 > corresponding bug though, yet. So, strictly speaking we could think about
 > closing this bug now. :) And maybe look at backporting those patches. Not
 > sure how difficult this is going to be. Maybe they've fixed those leaks in
 > a more generic way?

 How do you know it's fixed? Did you check on a CROSS_COMPILEd version?

 > > I can imagine there are other exceptions that may cause privacy leaks
 > > in the same way, when the startup cache is not precompiled. I think it
 > > could be quite challenging to find every privacy leak of this type. So
 > > it's probably best for TBB to have the precompilation step to work on the
 > > cross-compiled targets. I'm going to try to take the approach you
 > > suggested, of borrowing the native xpcshell from the linux build and
 > > providing it to the Mac and Windows builds.
 >
 > The major drawback of this approach is that users can't build Mac or
 > Windows bundles anymore without compiling the Tor Browser for Linux as
 > well (and, alas, they'd need both the 32bit and 64bit one)...

 That's the reason why I was trying to get the second patch to work. But
 then you persuaded me I should get the precompile step to work. ;)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9308#comment:20>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

