[tor-bugs] #13026 [Tor Browser]: Verify screenX and screenY are spoofed sanely
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Sep 2 19:18:54 UTC 2014
#13026: Verify screenX and screenY are spoofed sanely
-------------------------+-------------------------------------------------
Reporter: | Owner: tbb-team
mikeperry | Status: new
Type: defect | Milestone:
Priority: major | Version:
Component: Tor | Keywords: ff31-esr, tbb-easy, tbb-testcase,
Browser | tbb-fingerprinting, TorBrowserTeam201409Easy
Resolution: | Parent ID:
Actual Points: |
Points: |
-------------------------+-------------------------------------------------
Comment (by mcs):
Replying to [comment:4 gacar]:
> Checking the relevant Mozilla bug
[https://bugzilla.mozilla.org/show_bug.cgi?id=943668 #943668] and
[https://hg.mozilla.org/releases/mozilla-aurora/rev/5b7edf143247 landed FF
patch], it seems
[https://gitweb.torproject.org/torbrowser.git/blob/HEAD:/src/current-
patches/firefox/0021-Do-not-expose-physical-screen-info.-via-window-
and-w.patch existing TBB patch #0021] is still ok but needs to be updated
for ESR31 to cover this new method: [https://mxr.mozilla.org/mozilla-
esr31/source/dom/base/nsGlobalWindow.cpp#4991 nsGlobalWindow::GetScreenXY]
It looks like Arthur already patched that method:
https://github.com/arthuredelstein/tor-
browser/commit/0c95ccb313bfc059e8d3433edeb6c4b4a9309569
> For the device/CSS pixel difference, TBB bluntly returns 0 from the
methods changed in the Firefox's patch (`GetScreenX, GetScreenY`). So I
guess it should be ok.
If Arthur agrees that he has already taken care of the new methods, this
bug should be closed.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13026#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list