Opened 4 years ago

Last modified 4 years ago

#18272 new defect

Browser resizing allows linking different tabs

Reported by: cypherpunks Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

When a browser window is resized, a series of intermediate size steps occurs. The sequence of these resize steps along with a time stamp is almost certainly unique and can be used link different tabs.

While "onresize" events don't appear to fire in inactive tabs, Javascript timers work in inactive tabs and can be used to perform very high resolution polling.

Child Tickets

Change History (1)

comment:1 Changed 4 years ago by cypherpunks

Fuck, I just commented in #18273 mentioning screen size fingerprinting before I had read this ticket. If what I suspect is indeed possible it would make this attack js-less, just CSS.

But, why does this surprise me? Isn't CSS quasi Turing-complete or something?

Note: See TracTickets for help on using tickets.