[tor-bugs] #17207 [Tor Browser]: Testing navigator.mimeTypes for known names can reveal info and increase fingerprinting risk
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Oct 16 22:27:35 UTC 2015
#17207: Testing navigator.mimeTypes for known names can reveal info and increase
fingerprinting risk
-------------------------------------------------+-------------------------
Reporter: TemporaryNick | Owner:
Type: defect | arthuredelstein
Priority: High | Status:
Component: Tor Browser | assigned
Severity: Major | Milestone:
Keywords: tbb-fingerprinting, | Version:
TorBrowserTeam201510 | Resolution:
Parent ID: | Actual Points:
Sponsor: | Points:
-------------------------------------------------+-------------------------
Comment (by arthuredelstein):
Replying to [comment:10 teor]:
> Replying to [comment:9 arthuredelstein]:
> > Replying to [comment:7 gk]:
> > > Good stuff! I thought we already had a defense against this but I
could not find anything so far.
> >
> > It's interesting that `navigator.mimeTypes.length == 0`. So one would
have thought it didn't have any members.
>
> It seems that a partial anti-enumeration design is in place, but only
against positional iteration. (As well as setting
`navigator.mimeTypes.length` to `0`, all indexes of the form
`navigator.mimeTypes[0]` return `undefined`.)
Unfortunately, the anti-enumeration protection which was introduced in
this bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=757726
was removed in Firefox 41:
https://bugzilla.mozilla.org/show_bug.cgi?id=1169945
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17207#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list