[tor-commits] [Git][tpo/applications/tor-browser][tor-browser-115.9.1esr-13.0-1] 3 commits: fixup! Firefox preference overrides.

Pier Angelo Vendrame (@pierov) git at gitlab.torproject.org
Mon Apr 8 10:51:25 UTC 2024



Pier Angelo Vendrame pushed to branch tor-browser-115.9.1esr-13.0-1 at The Tor Project / Applications / Tor Browser


Commits:
59d59b87 by Pier Angelo Vendrame at 2024-04-08T12:48:52+02:00
fixup! Firefox preference overrides.

Bug 41676: Set privacy.resistFingerprinting.testing.setTZtoUTC as a
defense-in-depth.

We will have to revert this during the ESR-transition.

- - - - -
e29b76ff by Pier Angelo Vendrame at 2024-04-08T12:50:50+02:00
Bug 42428: Make RFP spoof the timezone of document.lastModified.

- - - - -
4b70c6b0 by Pier Angelo Vendrame at 2024-04-08T12:51:14+02:00
Bug 42472: Spoof timezone in XSLT.

- - - - -


3 changed files:

- browser/app/profile/001-base-profile.js
- dom/base/Document.cpp
- dom/xslt/xslt/txEXSLTFunctions.cpp


Changes:

=====================================
browser/app/profile/001-base-profile.js
=====================================
@@ -397,6 +397,9 @@ pref("browser.display.use_system_colors", false);
 // Enforce non-native widget theme (true by default, defense in depth).
 // Provides a uniform look and feel across platforms. Added with tor-browser#41496.
 pref("widget.non-native-theme.enabled", true);
+// tor-browser#41676: Set the TZ environment variable as a defense-in-depth.
+// TODO: Remove this in ESR-128, as it has been removed in 116 with Bug 1837582.
+pref("privacy.resistFingerprinting.testing.setTZtoUTC", true);
 
 // tor-browser#41943: lock and revisit after it gets flipped to true in stable Firefox
 pref("javascript.options.spectre.disable_for_isolated_content", false, locked);


=====================================
dom/base/Document.cpp
=====================================
@@ -4104,10 +4104,11 @@ void Document::SetDocumentURI(nsIURI* aURI) {
   }
 }
 
-static void GetFormattedTimeString(PRTime aTime,
+static void GetFormattedTimeString(PRTime aTime, bool aUniversal,
                                    nsAString& aFormattedTimeString) {
   PRExplodedTime prtime;
-  PR_ExplodeTime(aTime, PR_LocalTimeParameters, &prtime);
+  PR_ExplodeTime(aTime, aUniversal ? PR_GMTParameters : PR_LocalTimeParameters,
+                 &prtime);
   // "MM/DD/YYYY hh:mm:ss"
   char formatedTime[24];
   if (SprintfLiteral(formatedTime, "%02d/%02d/%04d %02d:%02d:%02d",
@@ -4125,7 +4126,9 @@ void Document::GetLastModified(nsAString& aLastModified) const {
   if (!mLastModified.IsEmpty()) {
     aLastModified.Assign(mLastModified);
   } else {
-    GetFormattedTimeString(PR_Now(), aLastModified);
+    GetFormattedTimeString(PR_Now(),
+                           ShouldResistFingerprinting(RFPTarget::Unknown),
+                           aLastModified);
   }
 }
 
@@ -11113,7 +11116,8 @@ void Document::RetrieveRelevantHeaders(nsIChannel* aChannel) {
 
   mLastModified.Truncate();
   if (modDate != 0) {
-    GetFormattedTimeString(modDate, mLastModified);
+    GetFormattedTimeString(
+        modDate, ShouldResistFingerprinting(RFPTarget::Unknown), mLastModified);
   }
 }
 


=====================================
dom/xslt/xslt/txEXSLTFunctions.cpp
=====================================
@@ -591,7 +591,14 @@ nsresult txEXSLTFunctionCall::evaluate(txIEvalContext* aContext,
       // http://exslt.org/date/functions/date-time/
 
       PRExplodedTime prtime;
-      PR_ExplodeTime(PR_Now(), PR_LocalTimeParameters, &prtime);
+      PR_ExplodeTime(
+          PR_Now(),
+          // We are not allowed to access the Document when evaluating this, so
+          // fall back to the general function.
+          nsContentUtils::ShouldResistFingerprinting(RFPTarget::Unknown)
+              ? PR_GMTParameters
+              : PR_LocalTimeParameters,
+          &prtime);
 
       int32_t offset =
           (prtime.tm_params.tp_gmt_offset + prtime.tm_params.tp_dst_offset) /



View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/e69ef25e035e3fd36772da9e2e38925a6c69c092...4b70c6b02d980a3f6d92975ffb79115d70a8a732

-- 
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/e69ef25e035e3fd36772da9e2e38925a6c69c092...4b70c6b02d980a3f6d92975ffb79115d70a8a732
You're receiving this email because of your account on gitlab.torproject.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-commits/attachments/20240408/9c017309/attachment-0001.htm>


More information about the tor-commits mailing list