[tor-bugs] #14205 [Applications/Tor Browser]: Closely review all uses of IsCallerChrome() for e10s
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri May 26 14:38:26 UTC 2017
#14205: Closely review all uses of IsCallerChrome() for e10s
-------------------------------------------------+-------------------------
Reporter: mikeperry | Owner: mcs
Type: task | Status: assigned
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-fingerprinting, tbb-e10s, tbb-rebase, ff52-esr, tbb-7.0-must | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by mcs):
The problem of reviewing the calls to ensure that they are only called
from the tab/content process when e10s is enabled is definitely a
challenge. Look here for an interesting comment:
https://dxr.mozilla.org/mozilla-esr52/source/dom/base/nsContentUtils.h#203
One approach would be for us to put breakpoints in `IsCallerChrome()` and
related calls and see what the stack looks like in e10s mode when the
breakpoints are hit while we exercise the code paths we care about. But we
might miss something.
The Mozilla developers are working on this issue as well. See
https://bugzilla.mozilla.org/show_bug.cgi?id=1316480 ("Get rid of
IsCallerChrome and friends") which depends on a bunch of other bugs, many
– but not all – of which have been fixed. In many cases, Mozilla wants to
hide an API from regular web pages, so they can handle the issue at the
webidl level. But in many cases we need to do something more subtle such
as return a different, less fingerprintable result to web pages.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14205#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online