[tor-bugs] #1517 [Tor Browser]: Provide JS with reduced time precision
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat May 9 03:20:18 UTC 2015
#1517: Provide JS with reduced time precision
-------------------------+-------------------------------------------------
Reporter: | Owner:
mikeperry | Status: closed
Type: | Milestone:
enhancement | Version:
Priority: major | Keywords: backport-to-mozilla, tbb-torbutton,
Component: Tor | tbb-fingerprinting-time-highres, ff38-esr,
Browser | TorBrowserTeam201505R, PearlCrescent201505R
Resolution: fixed | Parent ID:
Actual Points: |
Points: 10 |
-------------------------+-------------------------------------------------
Changes (by mikeperry):
* status: needs_review => closed
* resolution: => fixed
Comment:
I looked into this more, and noticed one case where ToSeconds() was
exposed to content. AnimationFrame events have an elapsedTime field. I
truncated that timestamp to millisecond accuracy (though in reality, the
timestamps were varying by as much as 20ms for me).
I didn't see any other leaks to content by either ToSeconds or
ToMilliseconds.. I pushed this to tor-browser-31.7.0esr-5.0-1 for 5.0a1 as
commit dcd5fcc102a3eb19c20013542fa3ca399db66da4.
Calling this 'fixed' for now, but I imagine we'll have a fun time testing
everything and deciding what to do about breakage, and we'll want to
revisit this for ff38-esr.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/1517#comment:32>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list