[tor-bugs] #17207 [Tor Browser]: Testing navigator.mimeTypes for known names can reveal info and increase fingerprinting risk

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Oct 29 15:33:13 UTC 2015


#17207: Testing navigator.mimeTypes for known names can reveal info and increase
fingerprinting risk
-------------------------------------------------+-------------------------
 Reporter:  TemporaryNick                        |          Owner:
     Type:  defect                               |  arthuredelstein
 Priority:  High                                 |         Status:
Component:  Tor Browser                          |  needs_revision
 Severity:  Major                                |      Milestone:
 Keywords:  tbb-fingerprinting,                  |        Version:
  TorBrowserTeam201510R                          |     Resolution:
Parent ID:                                       |  Actual Points:
  Sponsor:                                       |         Points:
-------------------------------------------------+-------------------------
Changes (by gk):

 * status:  needs_review => needs_revision


Comment:

 First round of comments:

 1) You probably want to do something like `#include "nsContentUtils.h"` in
 nsPluginArray.cpp, too (I wonder how you got it compiled without
 actually).

 2) I don't understand
 {{{
   // TODO: The following line should be active in Firefox 45
 +  // isnot(navigator.mimeTypes.length, 0, "navigator.mimeTypes array
 should be 0");
 }}}
 .

 What does it mean? We don't need that test yet? If so, why not? Or does it
 mean we can't run that test right now because XXX would break it? If so
 what fixes this (Do you have a bug number?)? And does it mean we are save
 for now with respect to leaking the length of the supported MIME types? If
 I am guessing right, the answer lies in
 https://bugzilla.mozilla.org/show_bug.cgi?id=757726 which got resolved as
 WON'TFIX. If that is true could you add a hint about that in the test
 explaining what is going on?

 3) s/prmoise/promise/ in the test

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17207#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list