[tor-bugs] #19048 [Applications/Tor Browser]: Review Firefox Developer Docs and Undocumented bugs since FF45esr

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Feb 25 13:49:29 UTC 2017 

#19048: Review Firefox Developer Docs and Undocumented bugs since FF45esr
--------------------------------------------+--------------------------
 Reporter:  gk                              |          Owner:  tbb-team
     Type:  task                            |         Status:  new
 Priority:  Medium                          |      Milestone:
Component:  Applications/Tor Browser        |        Version:
 Severity:  Normal                          |     Resolution:
 Keywords:  ff52-esr, TorBrowserTeam201702  |  Actual Points:
Parent ID:                                  |         Points:
 Reviewer:                                  |        Sponsor:  Sponsor4
--------------------------------------------+--------------------------

Comment (by mcs):

 Finally, here our our notes for Firefox 51 (we did not look at the Firefox
 52 changes yet):

 a) We should verify that `TypedArray.toLocaleString()` does not leak
 locale information.
    https://developer.mozilla.org/en-
 US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray/toLocaleString

 b) We should verify that the new `<input>` types do not leak locale
 information, e.g., `<input type="time">`, `type="date"`, `type="week"`,
 etc.
  https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input

 c) WebGL2 is enabled by default which may enable new fingerprinting
 opportunities:
  https://developer.mozilla.org/en-US/docs/Web/API/WebGL_API

 d) HTTP Opportunistic Security may add some linkability risks, although it
 seems okay at a glance.
  http://httpwg.org/http-extensions/opsec.html
  https://bugzilla.mozilla.org/show_bug.cgi?id=1301117

 e) Do we want to disable Web Audio due to fingerprinting risks? Mozilla
 keeps adding more functionality. Maybe this is already covered by #13017.

 f) There are some new Storage APIs that we should look at, e.g.,
  https://developer.mozilla.org/en-US/docs/Web/API/StorageManager/estimate
  https://bugzilla.mozilla.org/show_bug.cgi?id=1267941

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19048#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list