[tor-bugs] #31287 [Applications/Tor Browser]: NoScript leaks browser locale if objects are blocked and JavaScript is allowed

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jul 31 07:51:17 UTC 2019


#31287: NoScript leaks browser locale if objects are blocked and JavaScript is
allowed
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  tbb-team
     Type:  defect                               |         Status:  new
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-fingerprinting-locale, noscript  |  Actual Points:
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Old description:

> If one customizes NoScript in a way that objects are blocked and
> JavaScript is enabled then the browser locale is leaked even if the user
> opted in to hiding it.
> This issue got reported to our HackerOne bug bounty program by ryotak,
> thanks!
>
> A copy of the developed PoC can be found at:
> https://people.torproject.org/~gk/tests/poc_noscript_locale_leak.html.
>
> Note: Tor Browser is not vulnerable to this attack in any of the
> supported default settings (that is on any of the security settings
> levels).

New description:

 If one customizes NoScript in a way that objects are blocked and
 JavaScript is enabled then the browser locale is leaked even if the user
 opted in to hiding it.
 This issue got reported to our HackerOne bug bounty program by ryotak,
 thanks!

 A copy of the developed PoC can be found at:
 https://people.torproject.org/~gk/tests/poc_noscript_locale_leak.html.

--

Comment (by gk):

 Replying to [comment:5 RyotaK]:
 > Replying to [ticket:31287 gk]:
 >
 > I want to tell you something in [https://hackerone.com/reports/651444
 > HackerOne] thread that is related to this bug. Tor Browser is vulnerable to
 > this attack in supported settings. Can you look into it please?
 >
 > > Note: Tor Browser is not vulnerable to this attack in any of the
 > > supported default settings (that is on any of the security settings
 > > levels).

 Right. I was wrong here and I changed the description accordingly. One can
 see this on the medium-security level as well with media content being
 click-to-play.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31287#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

