[tor-bugs] #23393 [Applications/Tor Browser]: All tabs often crash when closing one tab
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Sep 15 19:25:44 UTC 2017
#23393: All tabs often crash when closing one tab
-------------------------------------------------+-------------------------
Reporter: SaturnusDJ | Owner: tbb-
| team
Type: defect | Status:
| needs_review
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-e10s, tbb-crash, | Actual Points:
TorBrowserTeam201709R, GeorgKoppen201709 |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Changes (by mcs):
* cc: brade, mcs (added)
* status: assigned => needs_review
* keywords: tbb-e10s, tbb-crash, TorBrowserTeam201709, GeorgKoppen201709
=> tbb-e10s, tbb-crash, TorBrowserTeam201709R, GeorgKoppen201709
Comment:
I am not sure if there is just one underlying cause for this bug, but here
is a fix for one scenario:
https://gitweb.torproject.org/user/brade/tor-
browser.git/commit/?h=bug23393-01
The steps to reproduce are:
1. Open https://www.google.com/ in a tab.
2. Open https://developer.mozilla.org/samples/video/chroma-key/index.xhtml
in a second tab.
3. Click to play the video.
4. After the canvas prompt is showing and while the video is still
playing, close the tab.
The developer.mozilla.org page tries repeatedly to extract canvas data,
which means the canvas prompt codepath is being exercised over and over
again, even while the tab is closing. This leads to an error in the
main/parent process, after which it kills the content (child) process. I
don't think this is exploitable from a security perspective, but it is
disruptive if you have a few tabs open.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23393#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list