#12150: Fonts limit bypass with iframes
----------------------------------+---------------------------
Reporter: jaedo | Owner: mikeperry
Type: defect | Status: new
Priority: normal | Milestone:
Component: Firefox Patch Issues | Version:
Keywords: | Actual Points:
Parent ID: | Points:
----------------------------------+---------------------------
It is possible to bypass the max font limit using an iframe (also
object/frame, I guess).
The 1st demo shows that each iframe instance has its own max_font.
If you create many iframes with fewer than max_fonts in each, it does not
reset window.parent fonts.
http://pastebin.com/raw.php?i=MkqVQv8x
2nd, a full bruteforce script with a 512-font array.
It dynamically creates many iframes with N fonts in each.
Each iframe separately executes the typical js/css detection mmmmlliii
script with a short given set of fonts, and sends offsetWidth/Heights to
the parent script via postMessage.
The parent script collects all answers and then compares the results.
http://pastebin.com/raw.php?i=D8DWb47X
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12150>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
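
The accounting problem reported in this ticket, as an added model that is not part of the original report and is not Tor Browser code: it compares a font budget kept per document with one charged to the top-level document of the frame tree. The class and function names, the limit of 10 and the sample font names are assumptions made for the illustration.

```javascript
// Added model, not Tor Browser code. All names and MAX_FONTS are hypothetical.
const MAX_FONTS = 10; // constructed limit for the demonstration

class Doc {
  constructor(parent = null) {
    this.parent = parent;   // embedding document, null for the top level
    this.seen = new Set();  // font families charged to this document's budget
  }
  // Top-level document of this document's frame tree.
  top() {
    let d = this;
    while (d.parent) d = d.parent;
    return d;
  }
}

// Returns true if the font lookup is allowed under the chosen accounting scope.
// "document": every document has its own budget (the behaviour the ticket reports).
// "top": every frame charges the budget of its top-level document.
function requestFont(doc, family, scope) {
  const ledger = scope === "top" ? doc.top().seen : doc.seen;
  if (ledger.has(family)) return true;        // already counted once
  if (ledger.size >= MAX_FONTS) return false; // budget spent, lookup refused
  ledger.add(family);
  return true;
}

// Puts `perFrame` families into each child frame of one page and returns how
// many distinct families the page as a whole was allowed to resolve.
function resolvedAcrossFrames(families, perFrame, scope) {
  const top = new Doc();
  const resolved = new Set();
  for (let i = 0; i < families.length; i += perFrame) {
    const frame = new Doc(top);
    for (const f of families.slice(i, i + perFrame)) {
      if (requestFont(frame, f, scope)) resolved.add(f);
    }
  }
  return resolved.size;
}

// Constructed candidate list, sized like the 512-entry array in the ticket.
const candidates = Array.from({ length: 512 }, (_, i) => `Font-${i}`);
console.log("per-document budget :", resolvedAcrossFrames(candidates, 8, "document"));
console.log("per-top-level budget:", resolvedAcrossFrames(candidates, 8, "top"));
```

With the budget kept per document, the page total grows with the number of frames; with the budget charged to the top-level document, it stays at the limit however the frames are nested.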