[tor-commits] [torbutton/master] Update the FF4 audit.
mikeperry at torproject.org
Tue Apr 5 00:36:40 UTC 2011
commit b2c57fa5177e963f733ee6ad586e14ea553f8410
Author: Mike Perry <mikeperry-git at fscked.org>
Date: Mon Apr 4 17:10:47 2011 -0700
Update the FF4 audit.
Reorganize issues by their vulnerability type.
---
website/design/FF40_AUDIT | 78 +++++++++++++++++++++++++--------------------
1 files changed, 43 insertions(+), 35 deletions(-)
diff --git a/website/design/FF40_AUDIT b/website/design/FF40_AUDIT
index f4c46f6..efa16cc 100644
--- a/website/design/FF40_AUDIT
+++ b/website/design/FF40_AUDIT
@@ -1,36 +1,44 @@
-- Major compatibility issues:
- http://blog.mozilla.com/addons/2010/11/11/making-add-on-compatible-firefox-4/
- https://developer.mozilla.org/en/Extensions/Updating_extensions_for_Firefox_4
- https://developer.mozilla.org/en/XPCOM/XPCOM_changes_in_Gecko_2.0
-
-- Key high level concerns:
- - WebThreads
- - https://developer.mozilla.org/En/Using_web_workers
- - Network activity blocked by content policy
- - What the hell is a blob url?
- - https://developer.mozilla.org/en/DOM/window.createBlobURL
- - https://developer.mozilla.org/en/DOM/window.revokeBlobURL
- - Seems only relevent to FS injection..
- - WebSockets
- - New window.history functions may allow state smuggling
- - https://developer.mozilla.org/en/DOM/Manipulating_the_browser_history
- - New screen attributes
- - https://developer.mozilla.org/en/DOM/window.mozInnerScreenX, Y
- - Bounding rectangles -> window sizes?
- - https://bugzilla.mozilla.org/show_bug.cgi?id=396392
- - Mouse events reveal desktop coordinates?
- - https://bugzilla.mozilla.org/show_bug.cgi?id=503943
- - https://developer.mozilla.org/en/DOM/Event/UIEvent/MouseEvent
- - DocShell and plugins inside createHTMLDocument?
- - https://developer.mozilla.org/en/DOM/DOMImplementation.createHTMLDocument
- - Media attributes
- - "buffered"
- - "preload"
- - new codecs?
-
-
-
-- New fingerprinting threats:
- - Lots of things are now available to CSS :(
-
+- Review of https://developer.mozilla.org/en/Firefox_4_for_developers
+ - Potential proxy issues
+ - DocShell and plugins inside createHTMLDocument?
+ - https://developer.mozilla.org/en/DOM/DOMImplementation.createHTMLDocument
+ - WebSockets?
+ - Media attributes?
+ - "buffered"
+ - "preload"
+ - new codecs?
+ - What the hell is a blob url?
+ - https://developer.mozilla.org/en/DOM/window.createBlobURL
+ - https://developer.mozilla.org/en/DOM/window.revokeBlobURL
+ - Seems only relevent to FS injection..
+ - WebThreads are OK:
+ - https://developer.mozilla.org/En/Using_web_workers
+ - Network activity blocked by content policy
+ - Fingerprinting issues:
+ - New screen attributes
+ - https://developer.mozilla.org/en/DOM/window.mozInnerScreenX, Y
+ - Bounding rectangles -> window sizes?
+ - Maybe not display sizes, but seems possible to fingerprint rendered
+ content size.. ugh.
+ - https://developer.mozilla.org/en/DOM/element.getBoundingClientRect
+ - https://developer.mozilla.org/en/dom:range
+ - CSS resize, media queries, etc..
+ - WebGL may also expose screen properties and video card properties:
+ - https://developer.mozilla.org/en/WebGL
+ - https://www.khronos.org/registry/webgl/specs/1.0/#5.2
+ - https://www.khronos.org/registry/webgl/specs/1.0/#5.11
+ - SVG needs auditing. It may also expose absolute coords, but appears OK
+ - https://developer.mozilla.org/en/SVG/SVG_animation_with_SMIL
+ - Mouse events reveal desktop coordinates
+ - https://bugzilla.mozilla.org/show_bug.cgi?id=503943
+ - https://developer.mozilla.org/en/DOM/Event/UIEvent/MouseEvent
+ - Actual screen dimensions not exposed
+ - Identifier Storage
+ - Content Secuity Properties may need clearing:
+ - https://developer.mozilla.org/en/Security/CSP
+ - STS cache needs clearing
+ - New window.history functions may allow state smuggling
+ - https://developer.mozilla.org/en/DOM/Manipulating_the_browser_history
+- New Javascript hooking options may help improve Date() hooks:
+ - https://developer.mozilla.org/en/JavaScript/New_in_JavaScript/1.8.5
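Review bot: Under "Identifier Storage", the added line "Content Secuity Properties may need clearing" misnames the feature; the link directly beneath it points to Security/CSP, so it should read "Content Security Policy". The commit message describes this as a reorganization, yet the "Major compatibility issues" block and its three links are removed with no counterpart in the new text, and the bugzilla 396392 reference that sat under "Bounding rectangles" is dropped as well; either carry them over or state in the commit message that they were removed on purpose. The typo "relevent" in the blob URL item is moved unchanged and could be corrected to "relevant" while the line is being touched. "STS cache needs clearing" and "WebSockets?" carry no reference link, unlike their sibling items, which makes them harder to follow up on during the audit.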