[tor-bugs] #13027 [Tor Browser]: Ensure WebWorkers see spoofed navigator.* values
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Sep 2 09:53:43 UTC 2014
#13027: Ensure WebWorkers see spoofed navigator.* values
-------------------------+-------------------------------------------------
Reporter: | Owner: tbb-team
mikeperry | Status: new
Type: defect | Milestone:
Priority: major | Version:
Component: Tor | Keywords: ff31-esr, tbb-easy, tbb-testcase,
Browser | tbb-fingerprinting, TorBrowserTeam201409Easy
Resolution: | Parent ID:
Actual Points: |
Points: |
-------------------------+-------------------------------------------------
Comment (by gacar):
It seems there's a problem here: WebWorker side has access to unspoofed
values of `appVersion` and `platform`. I tested with the attached html +
js on both 32bit and 64bit Linux.
platform (32bit Linux) = Linux i686 (should be Win32)
platform (64bit Linux) = Linux x86_64 (should be Win32)
appVersion = 5.0 (X11) - (should be 5.0 (Windows))
There are only four properties available in navigator object on the worker
side and two of them (`userAgent` and `appName`) match the spoofed values.
It suspect the sweetspot is `Create` method in
`dom/workers/Navigator.cpp`(1), which calls `STRING_TO_JSVAL`(2) to
populate navigator properties:
1: https://mxr.mozilla.org/mozilla-
esr24/source/dom/workers/Navigator.cpp#78
2: https://mxr.mozilla.org/mozilla-esr24/source/js/public/Value.h#1778
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13027#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list