[tor-bugs] #33479 [Applications/Tor Browser]: PDF fullscreen Presentation Mode doesn't letterbox

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Feb 28 12:13:58 UTC 2020


#33479: PDF fullscreen Presentation Mode doesn't letterbox
-------------------------+------------------------------------------
 Reporter:  cypherpunks  |          Owner:  tbb-team
     Type:  defect       |         Status:  new
 Priority:  Medium       |      Component:  Applications/Tor Browser
  Version:               |       Severity:  Normal
 Keywords:               |  Actual Points:
Parent ID:               |         Points:
 Reviewer:               |        Sponsor:
-------------------------+------------------------------------------
 1. Open a PDF file in a new tab so it opens in the browser's internal PDF
 viewer. Here's one.
 https://gitweb.torproject.org/company/policies.git/plain/corpdocs/IRS-
 Determination-Letter.pdf
 2. Click the 4-outward-arrows (fullscreen?) icon on the PDF toolbar. Its
 tooltip when you hover on it says, "Switch to Presentation Mode"
 3. Observe that Presentation Mode is not letterboxed.

 PDF Presentation Mode is distinct from browser full screen (F11 key) and
 from maximize.

 Is this exploitable at all?  Is the internal PDF API fingerprintable?  Tor
 Browser warns when downloading to not open files in external viewers that
 could circumvent Tor.

 Similar vectors:
 * #32713, Letterboxing doesn't work when fullscreening videos
 * #12609, HTML5 fullscreen API makes TB fingerprintable

 Inspired by:
 * https://blog.torproject.org/comment/286752#comment-286752

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33479>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list