[tor-bugs] #33479 [Applications/Tor Browser]: PDF fullscreen Presentation Mode doesn't letterbox
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Feb 28 12:13:58 UTC 2020
#33479: PDF fullscreen Presentation Mode doesn't letterbox
-------------------------+------------------------------------------
Reporter: cypherpunks | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Component: Applications/Tor Browser
Version: | Severity: Normal
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------+------------------------------------------
1. Open a PDF file in a new tab so it opens in the browser's internal PDF
viewer. Here's one.
https://gitweb.torproject.org/company/policies.git/plain/corpdocs/IRS-
Determination-Letter.pdf
2. Click the 4-outward-arrows (fullscreen?) icon on the PDF toolbar. Its
tooltip when you hover on it says, "Switch to Presentation Mode"
3. Observe that Presentation Mode is not letterboxed.
PDF Presentation Mode is distinct from browser full screen (F11 key) and
from maximize.
Is this exploitable at all? Is the internal PDF API fingerprintable? Tor
Browser warns when downloading to not open files in external viewers that
could circumvent Tor.
Similar vectors:
* #32713, Letterboxing doesn't work when fullscreening videos
* #12609, HTML5 fullscreen API makes TB fingerprintable
Inspired by:
* https://blog.torproject.org/comment/286752#comment-286752
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33479>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list