[tor-bugs] #31287 [Applications/Tor Browser]: NoScript leaks browser locale if objects are blocked and JavaScript is allowed
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jul 30 11:17:48 UTC 2019
#31287: NoScript leaks browser locale if objects are blocked and JavaScript is
allowed
-------------------------------------------------+-------------------------
Reporter: gk | Owner: tbb-
| team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-fingerprinting-locale, noscript | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by gk):
Replying to [comment:3 ma1]:
> Thanks, I can see it now.
> I could devise some work-around, but the underlying issue IMHO is that
browser.i18n.getMessage() in WebExtensions' content scripts should use
whatever fake locale ("en", I guess) you choose as fingerprinting-
resistant and exposed to content, isn't it?
Yes, I think so. We should probably have a Firefox patch for that given
that this is a general problem. Given that this is only exposed in a non-
standard Tor Browser configuration I think we have more important NoScript
related issues in our bug tracker to deal with (which is, of course, not
meant as an argument against a work-around ;) ).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31287#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list