[tor-bugs] #18560 [Applications/Tor Browser]: WEBGL_debug_renderer_info extension may leak information about graphics driver
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Apr 29 00:00:10 UTC 2017
#18560: WEBGL_debug_renderer_info extension may leak information about graphics driver
------------------------------------------------------------+-------------------------
 Reporter:  gk                                              |  Owner:  tbb-team
 Type:  defect                                              |  Status:  needs_review
 Priority:  High                                            |  Milestone:
 Component:  Applications/Tor Browser                       |  Version:
 Severity:  Normal                                          |  Resolution:
 Keywords:  ff52-esr, tbb-fingerprinting, tbb-7.0-must-alpha |  Actual Points:
 Parent ID:                                                 |  Points:
 Reviewer:                                                  |  Sponsor:  None
------------------------------------------------------------+-------------------------
Changes (by arthuredelstein):
* status: new => needs_review
Comment:
In 52ESR, this extension [https://dxr.mozilla.org/mozilla-esr52/rev/cb606065c4c1f021a03421eff069d64032cf9b4a/modules/libpref/init/all.js#4497 remains disabled] in Beta and Release channels.

Moreover, in Tor Browser, we [https://gitweb.torproject.org/tor-browser.git/tree/browser/app/profile/000-tor-browser.js?h=tor-browser-52.1.0esr-7.0-2#n112 have] `pref("webgl.disable-extensions", true)`, which means that all webgl extensions are disabled (including WEBGL_debug_renderer_info).

To be extra sure, I manually confirmed in TBB 7.0a3 that entering
{{{
document.createElement("canvas").getContext("experimental-webgl").getSupportedExtensions();
}}}
in a content JS console returns an empty array.
We could postpone this ticket again to ff59-esr, but as long as we are
disabling all extensions, I think the conclusion will be the same. Setting
to needs_review to see if my colleagues want to keep this ticket open.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18560#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
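
The manual check described in the comment above, written as a repeatable audit over all WebGL context names (an added example, not part of the original ticket or of Tor Browser's code). `auditWebglExtensions`, `isLeaking` and `makeStubDocument` are hypothetical names, and the stub's vendor/renderer strings are constructed; in a content JS console, pass `document` instead of the stub.

```javascript
// Added example: report which WebGL extensions page content can reach.
// `doc` is any object with createElement("canvas"); in a browser pass `document`.
const CONTEXT_NAMES = ["webgl", "experimental-webgl", "webgl2"];
const DEBUG_EXT = "WEBGL_debug_renderer_info";

function auditWebglExtensions(doc) {
  const report = [];
  for (const name of CONTEXT_NAMES) {
    let gl = null;
    try {
      gl = doc.createElement("canvas").getContext(name);
    } catch (e) {
      gl = null; // treat a throwing getContext() as "no context"
    }
    if (!gl) {
      report.push({ context: name, available: false, extensions: [], debugInfoExposed: false });
      continue;
    }
    const extensions = gl.getSupportedExtensions() || [];
    // Also request the extension directly, as a second independent check.
    const ext = gl.getExtension(DEBUG_EXT);
    const entry = {
      context: name,
      available: true,
      extensions,
      debugInfoExposed: extensions.includes(DEBUG_EXT) || Boolean(ext),
    };
    if (ext) {
      // These two parameters are what the extension would reveal about the driver.
      entry.unmaskedVendor = gl.getParameter(ext.UNMASKED_VENDOR_WEBGL);
      entry.unmaskedRenderer = gl.getParameter(ext.UNMASKED_RENDERER_WEBGL);
    }
    report.push(entry);
  }
  return report;
}

// True if any context hands out WEBGL_debug_renderer_info.
const isLeaking = (doc) => auditWebglExtensions(doc).some((r) => r.debugInfoExposed);

// Constructed stand-in for `document`, so the check also runs outside a browser.
function makeStubDocument(extNames) {
  const gl = {
    getSupportedExtensions: () => extNames.slice(),
    getExtension: (n) => (extNames.includes(n)
      ? { UNMASKED_VENDOR_WEBGL: 0x9245, UNMASKED_RENDERER_WEBGL: 0x9246 } : null),
    getParameter: (p) => (p === 0x9245 ? "ExampleVendor" : "ExampleRenderer"),
  };
  return { createElement: () => ({ getContext: (n) => (n === "webgl2" ? null : gl) }) };
}
```

With `webgl.disable-extensions` set as described in the comment, every entry's `extensions` array should be empty and `isLeaking(document)` should return `false`.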