[tor-bugs] #13818 [Tor Browser]: [PATCH] Active tab looks ugly (inherits system color scheme only partially)
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Nov 24 21:43:43 UTC 2014
#13818: [PATCH] Active tab looks ugly (inherits system color scheme only partially)
-----------------------------+-----------------------------------
Reporter: gentoo_root | Owner: tbb-team
Type: defect | Status: needs_review
Priority: normal | Milestone:
Component: Tor Browser | Version:
Resolution: | Keywords: TorBrowserTeam201411R
Actual Points: | Parent ID:
Points: |
-----------------------------+-----------------------------------
Comment (by mcs):
Replying to [comment:4 gentoo_root]:
> It seems that my patch affects fingerprinting. I've attached test.html
> which renders differently with patched and unpatched Tor Browser (look at
> attached screenshots). Looks like we need to find a better way to solve
> this bug.
Just because it renders differently does not necessarily mean there is a
fingerprintable leak of information. The question is, can a web site
detect the difference? It may be that a site cannot access the chrome://
SVG document (and associated computed styles) due to the same origin
security policy. brade and I are trying to test that now.
> It is also interesting that if I open tab-selected-start.svg directly
> (using chrome:// url), aPresContext->IsChromeOriginImage() == false, but
> when it's embedded on the page, IsChromeOriginImage() == true.
Hmm. It looks to me like it would be the opposite (but maybe I am reading
the Mozilla code wrong). Here is where mIsChromeOriginImage is set:
http://mxr.mozilla.org/mozilla-esr31/source/layout/base/nsPresContext.cpp#641
It will only be set to true if IsBeingUsedAsImage() returns true... which
sounds like it would be true in the case where you load the SVG as a
top-level document.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13818#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online