[tor-bugs] #19479 [Applications/Tor Browser]: Document.timeline.currentTime leaks ms-resolution clock in Firefox >=48

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Jul 30 19:22:04 UTC 2017 

#19479: Document.timeline.currentTime leaks ms-resolution clock in Firefox >=48
------------------------------------------+--------------------------
 Reporter:  arthuredelstein               |          Owner:  rah
     Type:  defect                        |         Status:  accepted
 Priority:  Medium                        |      Milestone:
Component:  Applications/Tor Browser      |        Version:
 Severity:  Normal                        |     Resolution:
 Keywords:  ff59-esr, tbb-fingerprinting  |  Actual Points:
Parent ID:                                |         Points:
 Reviewer:                                |        Sponsor:
------------------------------------------+--------------------------

Comment (by rah):

 Replying to [comment:8 gk]:
 > I think you should have access to `document.timeline` if you switched
 `dom.animations-api.core.enabled` to `true`

 That worked, thanks.  I tested my patch in Firefox Nightly and it worked;
 the output of document.timeline.currentTime was clamped to 100ms.  I then
 tested the patch in tor-browser and it also worked.  However, when I
 tested tor-browser without my patch, I was surprised to find that I got
 the same behaviour.  I used the same test with a binary download of the
 latest tor browser bundle and again, got the same behaviour.  My patch is
 superfluous and in fact, this bug has already been fixed.

 The DocumentTimeline Web Animations API interface inherits its currentTime
 property from AnimationTimeline.  The get method for this property is
 bound to mozilla::dom::AnimationTimeline::GetCurrentTimeAsDouble().  This
 method in turn calls the virtual method GetCurrentTime(), which is
 implemented in mozilla::dom::DocumentTimeline.  However,
 GetCurrentTimeAsDouble() uses AnimationUtils::TimeDurationToDouble() to
 convert the value returned by GetCurrentTime().  In
 [https://gitweb.torproject.org/tor-
 browser.git/commit/?h=esr24&id=167f4e468d8458b6e69f54ba16aef066d3f08160
 commit 167f4e468d8458b6e69f54ba16aef066d3f08160],
 AnimationUtils::TimeDurationToDouble() was modified to clamp the value to
 100ms.  In fact, that commit includes a mochitest test which checks
 document.timeline.currentTime among others.

 So, this bug was already fixed along with #16337.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19479#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list