[tor-bugs] #9308 [Firefox Patch Issues]: JavaScript's BrowserFeedWriter() leaks installation paths on OS X and Windows
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Apr 7 00:56:56 UTC 2014
#9308: JavaScript's BrowserFeedWriter() leaks installation paths on OS X and
Windows
-------------------------------------+-------------------------------------
Reporter: cypherpunks | Owner: mikeperry
Type: defect | Status: needs_review
Priority: critical | Milestone:
Component: Firefox Patch | Version:
Issues | Keywords: tbb-fingerprinting,
Resolution: | tbb-easy, interview,
Actual Points: | GeorgKoppen201404R
Points: | Parent ID:
-------------------------------------+-------------------------------------
Comment (by arthuredelstein):
I've confirmed the two Mozilla bugs involved in fixing the
BrowserFeedWriter and sidebar privacy leaks are:
1. "Stop exposing BrowserFeedWriter to the Web",
https://bugzilla.mozilla.org/show_bug.cgi?id=983845 (as mentioned by gk,
above)
patch: https://hg.mozilla.org/mozilla-central/rev/1843b4167806
and
2. "Port window.sidebar and window.external to WebIDL",
https://bugzilla.mozilla.org/show_bug.cgi?id=983920
patch: https://hg.mozilla.org/mozilla-central/rev/d9e6a6c40a57
I tested Firefox nightlies immediately before and after each of these
patches and confirmed that the each leak is stopped by the respective
patch.
It's interesting to note that these two Mozilla bugs are part of a larger
project, "Hunt down all the things that implement DOM_OBJECT classinfo in
JS", https://bugzilla.mozilla.org/show_bug.cgi?id=981845 .
My next step is to try backporting these patches to tor-browser.git.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9308#comment:22>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list