[tor-bugs] #19844 [- Select a component]: Prevent browser history leaks from CSS mix-blend-mode API in Tor Browser
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Aug 5 17:18:50 UTC 2016
#19844: Prevent browser history leaks from CSS mix-blend-mode API in Tor Browser
--------------------------------------+-----------------------------
Reporter: isis | Owner:
Type: enhancement | Status: new
Priority: Medium | Milestone:
Component: - Select a component | Version:
Severity: Normal | Keywords: tbb-linkability
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
--------------------------------------+-----------------------------
Similar to the old trick of querying the colour of a link on a page to see
whether the user has visited that link before, there is
[https://lcamtuf.blogspot.sk/2016/08/css-mix-blend-mode-is-bad-for-
keeping.html a new form of this attack] which is made more efficient by
querying the :visited attribute on a set of numerous links via defining a
boolean algebra with the non-linear CSS blending operators in the
[https://developer.mozilla.org/en-US/docs/Web/CSS/mix-blend-mode mix-
blend-mode API].
lcamtuf has [http://lcamtuf.coredump.cx/whack/ a demo of the attack] which
works in my Tor Browser 6.0.3. We should determine a way to mitigate this
attack.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19844>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list