[tor-bugs] #12150 [Firefox Patch Issues]: Fonts limit bypass with iframes
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed May 28 23:51:24 UTC 2014
#12150: Fonts limit bypass with iframes
----------------------------------+---------------------------
 Reporter:  jaedo                 |          Owner:  mikeperry
     Type:  defect                |         Status:  new
 Priority:  normal                |      Milestone:
Component:  Firefox Patch Issues  |        Version:
 Keywords:                        |  Actual Points:
Parent ID:                        |         Points:
----------------------------------+---------------------------
It is possible to bypass max font using an iframe (also object/frame, I
guess).
1st demo shows that each iframe instance has its own max_font.
If you create many iframes with less than max_fonts in each, it does not reset
window.parent fonts.
http://pastebin.com/raw.php?i=MkqVQv8x
2nd, full bruteforce script with 512 fonts array.
It dynamically creates many iframes with N fonts in each.
Each iframe separately executes typical js/css detection mmmmlliii script
with a short given set of fonts, and sends offsetWidth/Heights to parent
script via postMessage.
Parent script collects all answers and then compares results.
http://pastebin.com/raw.php?i=D8DWb47X
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12150>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
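
The accounting gap reported in this ticket, as an added model that is not part of the original report and is not Tor Browser code: it compares a font budget tracked per document with one charged to the top-level document. `Doc`, both policy functions, the font names and the `MAX_FONTS` value are assumptions made for illustration.

```javascript
// Hypothetical model of a per-page font limit; not Tor Browser's implementation.
const MAX_FONTS = 10; // constructed value; the ticket does not state the real limit

class Doc {
  constructor(parent = null) {
    this.parent = parent;
    this.used = new Set(); // fonts this document has been allowed to resolve
  }
  // Walk up to the top-level document that owns this frame tree.
  top() { return this.parent ? this.parent.top() : this; }
}

// Policy A: every document has its own budget (the behaviour the ticket reports).
function allowPerDocument(doc, font) {
  if (doc.used.has(font)) return true;          // already counted
  if (doc.used.size >= MAX_FONTS) return false; // budget exhausted
  doc.used.add(font);
  return true;
}

// Policy B: every frame charges the budget of its top-level document,
// so adding frames does not add budget.
function allowPerTopLevel(doc, font) {
  return allowPerDocument(doc.top(), font);
}

// How many distinct fonts get resolved when one page spreads its lookups
// over `frames` child documents with `perFrame` fonts in each.
function distinctFontsResolved(policy, frames, perFrame) {
  const topDoc = new Doc();
  const resolved = new Set();
  let n = 0;
  for (let f = 0; f < frames; f++) {
    const child = new Doc(topDoc);
    for (let i = 0; i < perFrame; i++) {
      const font = `font-${n++}`; // constructed font names
      if (policy(child, font)) resolved.add(font);
    }
  }
  return resolved.size;
}

// 64 frames x 8 fonts = 512 lookups, each frame staying under MAX_FONTS.
console.log("per-document :", distinctFontsResolved(allowPerDocument, 64, 8));
console.log("per-top-level:", distinctFontsResolved(allowPerTopLevel, 64, 8));
```

With the shared budget, the total stays at the limit regardless of how many frames the page creates.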