[tor-bugs] #2819 [Torbutton]: Removing JS hooks in FF4

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Wed Mar 30 20:01:32 UTC 2011


#2819: Removing JS hooks in FF4
-----------------------+----------------------------------------------------
 Reporter:  gk         |          Owner:  mikeperry
     Type:  defect     |         Status:  new      
 Priority:  major      |      Milestone:           
Component:  Torbutton  |        Version:           
 Keywords:             |         Parent:           
   Points:             |   Actualpoints:           
-----------------------+----------------------------------------------------

Comment(by rransom):

 Replying to [comment:1 gk]:
 > Okay, I just read the comment in jshooks.js today and saw that the
 commented `window.__proto__ = null` is causing the issues. Furthermore, I
 recognized that this problem was already uncovered by Gregory Fleischer
 some years ago. Nevertheless, I found a solution for fixing it. You have
 to split the hooks depending on the Firefox version (fun, I know). If the
 user has a FF3 you may set `window.__proto__ = null` as usual. If you have
 a FF4 you do not do this but use the `Object.defineProperty` with
 configurable set to `false`. It's ES5 stuff available in FF4. The code
 would then be something like:
 >
 {{{
 Object.defineProperty(window.__proto__, "innerWidth", {
              get: function() { return Math.round(origWidth/50.0)*50;},
              configurable: false});
 }}}
 >
 > in order to fake the `innerWidth` property. I just tested it and it
 seems to work. (And yes, an attacker is not able to revert this using
 things like `Object.defineProperty(foo, "bar", { configurable: true})`.)
 >
 > N.B.: I just see that Trac has problems displaying the proto property
 but I guess you know what I am referring to above...

 See [WikiFormatting] (also linked to above the ‘Comment’ box). The only
 formatting commands you need to include source code fragments properly are
 the backquotes for inline code and the three-brace structure for blocks of
 code.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2819#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
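
Added example, not part of the ticket or of Torbutton's code: a check of the claim quoted above that a hook installed with `configurable: false` cannot be reverted with a later `Object.defineProperty` call. It assumes plain objects `proto` and `win` as constructed stand-ins for `window.__proto__` and `window`, so that it runs outside a browser; `makeHookedWindow` and `probeHook` are hypothetical names.

```javascript
// Constructed stand-ins: `proto` plays window.__proto__, `win` plays window.
function makeHookedWindow(origWidth) {
  const proto = {};
  const win = Object.create(proto);
  // The hook from the ticket: report the width rounded to a multiple of 50.
  Object.defineProperty(proto, "innerWidth", {
    get: function () { return Math.round(origWidth / 50.0) * 50; },
    configurable: false
  });
  return { proto, win };
}

// Try to undo the hook in several ways and record the outcome of each.
function probeHook(origWidth) {
  const { proto, win } = makeHookedWindow(origWidth);
  const result = { before: win.innerWidth };

  // 1. Flip the property back to configurable (the case named in the ticket).
  try {
    Object.defineProperty(proto, "innerWidth", { configurable: true });
    result.reconfigure = "allowed";
  } catch (e) {
    result.reconfigure = e.name;
  }

  // 2. Swap in a different getter on the same property.
  try {
    Object.defineProperty(proto, "innerWidth", { get: () => origWidth });
    result.replaceGetter = "allowed";
  } catch (e) {
    result.replaceGetter = e.name;
  }

  // 3. Delete the property; Reflect.deleteProperty reports failure as false.
  result.deleted = Reflect.deleteProperty(proto, "innerWidth");

  // 4. Assign through the instance; there is no setter, so this reports false.
  result.assigned = Reflect.set(win, "innerWidth", origWidth);

  result.after = win.innerWidth;
  result.descriptor = Object.getOwnPropertyDescriptor(proto, "innerWidth");
  return result;
}

console.log(probeHook(1283));
```

The same probes can be pasted into a browser console against the real hooked object to confirm that the descriptor still reports `configurable: false` after each attempt.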

