[tor-bugs] #19479 [Applications/Tor Browser]: Document.timeline.currentTime leaks ms-resolution clock in Firefox >=48

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Aug 8 11:13:35 UTC 2017 

#19479: Document.timeline.currentTime leaks ms-resolution clock in Firefox >=48
------------------------------------------+------------------------
 Reporter:  arthuredelstein               |          Owner:  rah
     Type:  defect                        |         Status:  closed
 Priority:  Medium                        |      Milestone:
Component:  Applications/Tor Browser      |        Version:
 Severity:  Normal                        |     Resolution:  fixed
 Keywords:  ff59-esr, tbb-fingerprinting  |  Actual Points:
Parent ID:                                |         Points:
 Reviewer:                                |        Sponsor:
------------------------------------------+------------------------

Comment (by gk):

 Replying to [comment:9 rah]:
 > Replying to [comment:8 gk]:
 > > I think you should have access to `document.timeline` if you switched
 `dom.animations-api.core.enabled` to `true`
 >
 > That worked, thanks.  I tested my patch in Firefox Nightly and it
 worked; the output of document.timeline.currentTime was clamped to 100ms.
 I then tested the patch in tor-browser and it also worked.  However, when
 I tested tor-browser without my patch, I was surprised to find that I got
 the same behaviour.  I used the same test with a binary download of the
 latest tor browser bundle and again, got the same behaviour.  My patch is
 superfluous and in fact, this bug has already been fixed.
 >
 > The DocumentTimeline Web Animations API interface inherits its
 currentTime property from AnimationTimeline.  The get method for this
 property is bound to
 mozilla::dom::AnimationTimeline::GetCurrentTimeAsDouble().  This method in
 turn calls the virtual method GetCurrentTime(), which is implemented in
 mozilla::dom::DocumentTimeline.  However, GetCurrentTimeAsDouble() uses
 AnimationUtils::TimeDurationToDouble() to convert the value returned by
 GetCurrentTime().  In [https://gitweb.torproject.org/tor-
 browser.git/commit/?h=esr24&id=167f4e468d8458b6e69f54ba16aef066d3f08160
 commit 167f4e468d8458b6e69f54ba16aef066d3f08160],
 AnimationUtils::TimeDurationToDouble() was modified to clamp the value to
 100ms.  In fact, that commit includes a mochitest test which checks
 document.timeline.currentTime among others.
 >
 > So, this bug was already fixed along with #16337.

 Thanks for this analysis. Nice find!

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19479#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list