[tor-bugs] #19479 [Applications/Tor Browser]: Document.timeline.currentTime leaks ms-resolution clock in Firefox >=48
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jul 25 19:48:49 UTC 2017
#19479: Document.timeline.currentTime leaks ms-resolution clock in Firefox >=48
------------------------------------------+--------------------------
Reporter: arthuredelstein | Owner: rah
Type: defect | Status: accepted
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: ff59-esr, tbb-fingerprinting | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
------------------------------------------+--------------------------
Comment (by rah):
Hi all,
I've created an initial patch, attached. This is following the strategy
described in entry 15, Timing-based Side Channels, of the "Specific
Fingerprinting Defenses in the Tor Browser" list under section 4.6, Cross-
Origin Fingerprinting Unlinkability, of The Design and Implementation of
the Tor Browser:
https://www.torproject.org/projects/torbrowser/design/#fingerprinting-
linkability
The patch is against the tor-browser-52.2.0esr-7.5-1 branch. I've created
a small HTML document for testing, also attached. However, as noted
[comment:3 above], this functionality is only exposed in Firefox Nightly
and the test HTML reports that document.timeline is not defined when run
in the tor-browser branch.
I'm wondering whether there is a simple switch to activate this
functionality in the tor-browser branch? Or is it a matter of the code
not being there yet?
Thanks,
Bob Ham
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19479#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list