[tor-bugs] #19479 [Applications/Tor Browser]: Document.timeline.currentTime leaks ms-resolution clock in Firefox >=48
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Aug 8 11:13:35 UTC 2017
#19479: Document.timeline.currentTime leaks ms-resolution clock in Firefox >=48
------------------------------------------+------------------------
Reporter: arthuredelstein | Owner: rah
Type: defect | Status: closed
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution: fixed
Keywords: ff59-esr, tbb-fingerprinting | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
------------------------------------------+------------------------
Comment (by gk):
Replying to [comment:9 rah]:
> Replying to [comment:8 gk]:
> > I think you should have access to `document.timeline` if you switched
> > `dom.animations-api.core.enabled` to `true`
>
> That worked, thanks. I tested my patch in Firefox Nightly and it
> worked; the output of document.timeline.currentTime was clamped to 100ms.
> I then tested the patch in tor-browser and it also worked. However, when
> I tested tor-browser without my patch, I was surprised to find that I got
> the same behaviour. I used the same test with a binary download of the
> latest tor browser bundle and again, got the same behaviour. My patch is
> superfluous and in fact, this bug has already been fixed.
>
> The DocumentTimeline Web Animations API interface inherits its
> currentTime property from AnimationTimeline. The get method for this
> property is bound to
> mozilla::dom::AnimationTimeline::GetCurrentTimeAsDouble(). This method in
> turn calls the virtual method GetCurrentTime(), which is implemented in
> mozilla::dom::DocumentTimeline. However, GetCurrentTimeAsDouble() uses
> AnimationUtils::TimeDurationToDouble() to convert the value returned by
> GetCurrentTime(). In
> [https://gitweb.torproject.org/tor-browser.git/commit/?h=esr24&id=167f4e468d8458b6e69f54ba16aef066d3f08160
> commit 167f4e468d8458b6e69f54ba16aef066d3f08160],
> AnimationUtils::TimeDurationToDouble() was modified to clamp the value to
> 100ms. In fact, that commit includes a mochitest test which checks
> document.timeline.currentTime among others.
>
> So, this bug was already fixed along with #16337.
Thanks for this analysis. Nice find!
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19479#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
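
A regression check for the 100ms clamp described in the quoted analysis, added here as an example; it is not part of the ticket and is not the mochitest from the referenced commit. The names `clampMs`, `analyse` and `collectTimelineSamples` are hypothetical, rounding down in `clampMs` is an assumption, and the sample timestamps are constructed.

```javascript
// Added example: checks clock samples against the 100 ms clamp from the ticket.
const RESOLUTION_MS = 100;

// Model of a clamped clock. Rounding down is an assumption of this example.
function clampMs(ms, resolution = RESOLUTION_MS) {
  return Math.floor(ms / resolution) * resolution;
}

// Report readings that are off the resolution grid and the finest step seen.
function analyse(samples, resolution = RESOLUTION_MS) {
  const offGrid = samples.filter(
    (t) => Math.abs(t - Math.round(t / resolution) * resolution) > 1e-9
  );
  let minStep = Infinity;
  for (let i = 1; i < samples.length; i++) {
    const step = samples[i] - samples[i - 1];
    if (step > 0 && step < minStep) minStep = step;
  }
  // A clamped clock shows only grid values and never advances by less
  // than one resolution unit between two readings.
  return { offGrid, minStep, clamped: offGrid.length === 0 && minStep >= resolution };
}

// Constructed sample data: 30 frame timestamps about 16.67 ms apart,
// and the same readings as a clamped clock would report them.
const rawFrames = Array.from({ length: 30 }, (_, i) => 1234.5 + i * 16.67);
const clampedFrames = rawFrames.map((t) => clampMs(t));

// Browser-only collector: one document.timeline.currentTime reading per frame.
function collectTimelineSamples(frames) {
  return new Promise((resolve) => {
    const out = [];
    const tick = () => {
      const t = document.timeline.currentTime;
      if (typeof t === "number") out.push(t); // currentTime may be null
      if (out.length < frames) requestAnimationFrame(tick);
      else resolve(out);
    };
    requestAnimationFrame(tick);
  });
}

// Runs only where a document timeline exists (e.g. pasted into a page console).
if (typeof document !== "undefined" && document.timeline) {
  collectTimelineSamples(120).then((s) => console.log(analyse(s)));
}
```
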