[tor-bugs] #13027 [Tor Browser]: Make WebWorkers use spoofed navigator.* useragent values
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Sep 4 13:46:19 UTC 2014
#13027: Make WebWorkers use spoofed navigator.* useragent values
-------------------------+-------------------------------------------------
Reporter: | Owner: tbb-team
mikeperry | Status: new
Type: defect | Milestone:
Priority: major | Version:
Component: Tor | Keywords: ff31-esr, tbb-easy, tbb-
Browser | fingerprinting, TorBrowserTeam201409Easy
Resolution: | Parent ID:
Actual Points: |
Points: |
-------------------------+-------------------------------------------------
Comment (by gacar):
It seems worker calls doesn't listen to prefs because they are treated as
chrome calls.
I debugged `NS_GetNavigator*` methods that are used to
[https://mxr.mozilla.org/mozilla-
esr24/source/dom/workers/RuntimeService.cpp#1170 initialize
WorkerNavigator] and confirmed that `IsCallerChrome()` returns true for
worker scripts (check esp. [https://mxr.mozilla.org/mozilla-
esr24/source/dom/base/Navigator.cpp#1673 1], [https://mxr.mozilla.org
/mozilla-esr24/source/dom/base/Navigator.cpp#1717 2]).
This also explains why useragent matches between worker and global
context: there's no
`IsCallerChrome()` check in [https://mxr.mozilla.org/mozilla-
esr24/source/netwerk/protocol/http/nsHttpHandler.cpp#548
nsHttpHandler.cpp] where useragent value comes from.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13027#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list