[tor-bugs] #17207 [Tor Browser]: Testing navigator.mimeTypes for known names can reveal info and increase fingerprinting risk
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Oct 29 15:33:13 UTC 2015
#17207: Testing navigator.mimeTypes for known names can reveal info and increase
fingerprinting risk
-------------------------------------------------+-------------------------
Reporter: TemporaryNick | Owner:
Type: defect | arthuredelstein
Priority: High | Status:
Component: Tor Browser | needs_revision
Severity: Major | Milestone:
Keywords: tbb-fingerprinting, | Version:
TorBrowserTeam201510R | Resolution:
Parent ID: | Actual Points:
Sponsor: | Points:
-------------------------------------------------+-------------------------
Changes (by gk):
* status: needs_review => needs_revision
Comment:
First round of comments:
1) You probably want to do something like `#include "nsContentUtils.h"` in
nsPluginArray.cpp, too (I wonder how you got it compiled without
actually).
2) I don't understand
{{{
// TODO: The following line should be active in Firefox 45
+ // isnot(navigator.mimeTypes.length, 0, "navigator.mimeTypes array
should be 0");
}}}
.
What does it mean? We don't need that test yet? If so, why not? Or does it
mean we can't run that test right now because XXX would break it? If so
what fixes this (Do you have a bug number?)? And does it mean we are save
for now with respect to leaking the length of the supported MIME types? If
I am guessing right, the answer lies in
https://bugzilla.mozilla.org/show_bug.cgi?id=757726 which got resolved as
WON'TFIX. If that is true could you add a hint about that in the test
explaining what is going on?
3) s/prmoise/promise/ in the test
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17207#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list