subject:"Re\: \[tor\-bugs\] #19479 \[Applications\/Tor Browser\]\: Document.timeline.currentTime leaks ms\-resolution clock in Firefox >=48"

Re: [tor-bugs] #19479 [Applications/Tor Browser]: Document.timeline.currentTime leaks ms-resolution clock in Firefox >=48

2018-02-11 Thread Tor Bug Tracker & Wiki

#19479: Document.timeline.currentTime leaks ms-resolution clock in Firefox >=48
-+-
 Reporter:  arthuredelstein  |  Owner:  rah
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  ff52-esr, tbb-fingerprinting-time-   |  Actual Points:
  highres|
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by cypherpunks):

 * keywords:  ff59-esr, tbb-fingerprinting => ff52-esr, tbb-fingerprinting-
 time-highres


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19479 [Applications/Tor Browser]: Document.timeline.currentTime leaks ms-resolution clock in Firefox >=48

2017-08-08 Thread Tor Bug Tracker & Wiki

#19479: Document.timeline.currentTime leaks ms-resolution clock in Firefox >=48
--+
 Reporter:  arthuredelstein   |  Owner:  rah
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:  fixed
 Keywords:  ff59-esr, tbb-fingerprinting  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by gk):

 Replying to [comment:9 rah]:
 > Replying to [comment:8 gk]:
 > > I think you should have access to `document.timeline` if you switched
 `dom.animations-api.core.enabled` to `true`
 >
 > That worked, thanks.  I tested my patch in Firefox Nightly and it
 worked; the output of document.timeline.currentTime was clamped to 100ms.
 I then tested the patch in tor-browser and it also worked.  However, when
 I tested tor-browser without my patch, I was surprised to find that I got
 the same behaviour.  I used the same test with a binary download of the
 latest tor browser bundle and again, got the same behaviour.  My patch is
 superfluous and in fact, this bug has already been fixed.
 >
 > The DocumentTimeline Web Animations API interface inherits its
 currentTime property from AnimationTimeline.  The get method for this
 property is bound to
 mozilla::dom::AnimationTimeline::GetCurrentTimeAsDouble().  This method in
 turn calls the virtual method GetCurrentTime(), which is implemented in
 mozilla::dom::DocumentTimeline.  However, GetCurrentTimeAsDouble() uses
 AnimationUtils::TimeDurationToDouble() to convert the value returned by
 GetCurrentTime().  In [https://gitweb.torproject.org/tor-
 browser.git/commit/?h=esr24=167f4e468d8458b6e69f54ba16aef066d3f08160
 commit 167f4e468d8458b6e69f54ba16aef066d3f08160],
 AnimationUtils::TimeDurationToDouble() was modified to clamp the value to
 100ms.  In fact, that commit includes a mochitest test which checks
 document.timeline.currentTime among others.
 >
 > So, this bug was already fixed along with #16337.

 Thanks for this analysis. Nice find!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19479 [Applications/Tor Browser]: Document.timeline.currentTime leaks ms-resolution clock in Firefox >=48

2017-07-30 Thread Tor Bug Tracker & Wiki

#19479: Document.timeline.currentTime leaks ms-resolution clock in Firefox >=48
--+
 Reporter:  arthuredelstein   |  Owner:  rah
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:  fixed
 Keywords:  ff59-esr, tbb-fingerprinting  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by rah):

 * status:  accepted => closed
 * resolution:   => fixed


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19479 [Applications/Tor Browser]: Document.timeline.currentTime leaks ms-resolution clock in Firefox >=48

2017-07-30 Thread Tor Bug Tracker & Wiki

#19479: Document.timeline.currentTime leaks ms-resolution clock in Firefox >=48
--+--
 Reporter:  arthuredelstein   |  Owner:  rah
 Type:  defect| Status:  accepted
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ff59-esr, tbb-fingerprinting  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by rah):

 Replying to [comment:8 gk]:
 > I think you should have access to `document.timeline` if you switched
 `dom.animations-api.core.enabled` to `true`

 That worked, thanks.  I tested my patch in Firefox Nightly and it worked;
 the output of document.timeline.currentTime was clamped to 100ms.  I then
 tested the patch in tor-browser and it also worked.  However, when I
 tested tor-browser without my patch, I was surprised to find that I got
 the same behaviour.  I used the same test with a binary download of the
 latest tor browser bundle and again, got the same behaviour.  My patch is
 superfluous and in fact, this bug has already been fixed.

 The DocumentTimeline Web Animations API interface inherits its currentTime
 property from AnimationTimeline.  The get method for this property is
 bound to mozilla::dom::AnimationTimeline::GetCurrentTimeAsDouble().  This
 method in turn calls the virtual method GetCurrentTime(), which is
 implemented in mozilla::dom::DocumentTimeline.  However,
 GetCurrentTimeAsDouble() uses AnimationUtils::TimeDurationToDouble() to
 convert the value returned by GetCurrentTime().  In
 [https://gitweb.torproject.org/tor-
 browser.git/commit/?h=esr24=167f4e468d8458b6e69f54ba16aef066d3f08160
 commit 167f4e468d8458b6e69f54ba16aef066d3f08160],
 AnimationUtils::TimeDurationToDouble() was modified to clamp the value to
 100ms.  In fact, that commit includes a mochitest test which checks
 document.timeline.currentTime among others.

 So, this bug was already fixed along with #16337.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19479 [Applications/Tor Browser]: Document.timeline.currentTime leaks ms-resolution clock in Firefox >=48

2017-07-27 Thread Tor Bug Tracker & Wiki

#19479: Document.timeline.currentTime leaks ms-resolution clock in Firefox >=48
--+--
 Reporter:  arthuredelstein   |  Owner:  rah
 Type:  defect| Status:  accepted
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ff59-esr, tbb-fingerprinting  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by gk):

 Replying to [comment:7 rah]:
 > I'm wondering whether there is a simple switch to activate this
 functionality in the tor-browser branch?  Or is it a matter of the code
 not being there yet?

 I think you should have access to `document.timeline` if you switched `dom
 .animations-api.core.enabled` to `true`. At least for me it was available
 to content then as well.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19479 [Applications/Tor Browser]: Document.timeline.currentTime leaks ms-resolution clock in Firefox >=48

2017-07-25 Thread Tor Bug Tracker & Wiki

#19479: Document.timeline.currentTime leaks ms-resolution clock in Firefox >=48
--+--
 Reporter:  arthuredelstein   |  Owner:  rah
 Type:  defect| Status:  accepted
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ff59-esr, tbb-fingerprinting  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by rah):

 Hi all,

 I've created an initial patch, attached.  This is following the strategy
 described in entry 15, Timing-based Side Channels, of the "Specific
 Fingerprinting Defenses in the Tor Browser" list under section 4.6, Cross-
 Origin Fingerprinting Unlinkability, of The Design and Implementation of
 the Tor Browser:

 https://www.torproject.org/projects/torbrowser/design/#fingerprinting-
 linkability

 The patch is against the tor-browser-52.2.0esr-7.5-1 branch.  I've created
 a small HTML document for testing, also attached.  However, as noted
 [comment:3 above], this functionality is only exposed in Firefox Nightly
 and the test HTML reports that document.timeline is not defined when run
 in the tor-browser branch.

 I'm wondering whether there is a simple switch to activate this
 functionality in the tor-browser branch?  Or is it a matter of the code
 not being there yet?

 Thanks,

 Bob Ham

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19479 [Applications/Tor Browser]: Document.timeline.currentTime leaks ms-resolution clock in Firefox >=48

2017-07-24 Thread Tor Bug Tracker & Wiki

#19479: Document.timeline.currentTime leaks ms-resolution clock in Firefox >=48
--+--
 Reporter:  arthuredelstein   |  Owner:  rah
 Type:  defect| Status:  accepted
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ff59-esr, tbb-fingerprinting  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by rah):

 * owner:  tbb-team => rah
 * status:  new => accepted


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19479 [Applications/Tor Browser]: Document.timeline.currentTime leaks ms-resolution clock in Firefox >=48

2017-04-03 Thread Tor Bug Tracker & Wiki

#19479: Document.timeline.currentTime leaks ms-resolution clock in Firefox >=48
--+--
 Reporter:  arthuredelstein   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ff59-esr, tbb-fingerprinting  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by arthuredelstein):

 * keywords:  ff52-esr, tbb-fingerprinting, tbb-7.0-must,
 TorBrowserTeam201703 => ff59-esr, tbb-fingerprinting


Comment:

 Turns out this API is still only exposed in Firefox Nightly or chrome
 code. So I think we can postpone patching it until the next ESR.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19479 [Applications/Tor Browser]: Document.timeline.currentTime leaks ms-resolution clock in Firefox >=48

Re: [tor-bugs] #19479 [Applications/Tor Browser]: Document.timeline.currentTime leaks ms-resolution clock in Firefox >=48

Re: [tor-bugs] #19479 [Applications/Tor Browser]: Document.timeline.currentTime leaks ms-resolution clock in Firefox >=48

Re: [tor-bugs] #19479 [Applications/Tor Browser]: Document.timeline.currentTime leaks ms-resolution clock in Firefox >=48

Re: [tor-bugs] #19479 [Applications/Tor Browser]: Document.timeline.currentTime leaks ms-resolution clock in Firefox >=48

Re: [tor-bugs] #19479 [Applications/Tor Browser]: Document.timeline.currentTime leaks ms-resolution clock in Firefox >=48

Re: [tor-bugs] #19479 [Applications/Tor Browser]: Document.timeline.currentTime leaks ms-resolution clock in Firefox >=48

Re: [tor-bugs] #19479 [Applications/Tor Browser]: Document.timeline.currentTime leaks ms-resolution clock in Firefox >=48

8 matches

Site Navigation

Mail list logo

Footer information