[tor-bugs] #13026 [Tor Browser]: Verify screenX and screenY are spoofed sanely

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Sep 2 19:18:54 UTC 2014


#13026: Verify screenX and screenY are spoofed sanely
-------------------------+-------------------------------------------------
     Reporter:           |      Owner:  tbb-team
  mikeperry              |     Status:  new
         Type:  defect   |  Milestone:
     Priority:  major    |    Version:
    Component:  Tor      |   Keywords:  ff31-esr, tbb-easy, tbb-testcase,
  Browser                |  tbb-fingerprinting, TorBrowserTeam201409Easy
   Resolution:           |  Parent ID:
Actual Points:           |
       Points:           |
-------------------------+-------------------------------------------------

Comment (by mcs):

 Replying to [comment:4 gacar]:
 > Checking the relevant Mozilla bug
 [https://bugzilla.mozilla.org/show_bug.cgi?id=943668 #943668] and
 [https://hg.mozilla.org/releases/mozilla-aurora/rev/5b7edf143247 landed FF
 patch], it seems
 [https://gitweb.torproject.org/torbrowser.git/blob/HEAD:/src/current-
 patches/firefox/0021-Do-not-expose-physical-screen-info.-via-window-
 and-w.patch existing TBB patch #0021] is still ok but needs to be updated
 for ESR31 to cover this new method: [https://mxr.mozilla.org/mozilla-
 esr31/source/dom/base/nsGlobalWindow.cpp#4991 nsGlobalWindow::GetScreenXY]

 It looks like Arthur already patched that method:
 https://github.com/arthuredelstein/tor-
 browser/commit/0c95ccb313bfc059e8d3433edeb6c4b4a9309569

 > For the device/CSS pixel difference, TBB bluntly returns 0 from the
 methods changed in the Firefox's patch (`GetScreenX, GetScreenY`). So I
 guess it should be ok.

 If Arthur agrees that he has already taken care of the new methods, this
 bug should be closed.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13026#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list