Opened 2 years ago

Last modified 7 months ago

#18560 assigned defect

WEBGL_debug_renderer_info extension may leak information about graphics driver

Reported by: gk Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-fingerprinting, ff60-esr
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor: None

Description

https://bugzilla.mozilla.org/show_bug.cgi?id=1171228 has made this available to content but it is still preffed off on release channels (webgl.enable-debug-renderer-info is set to false). We should keep an eye on that when switching to ESR 52

Child Tickets

Change History (6)

comment:1 Changed 16 months ago by gk

Keywords: tbb-7.0-must added

More tickets for 7.0.

comment:2 Changed 16 months ago by gk

Keywords: tbb-7.0-must-alpha added; tbb-7.0-must removed

Getting more tickets on our alpha radar.

comment:3 Changed 16 months ago by gk

Priority: MediumHigh

Moving the investigation tickets to higher priority.

comment:4 Changed 16 months ago by arthuredelstein

Status: newneeds_review

In 52ESR, this extension remains disabled in Beta and Release channels.

Moreover, in Tor Browser, we have pref("webgl.disable-extensions", true), which means that all webgl extensions are disabled (including WEBGL_debug_renderer_info).

To be extra sure, I manually confirmed in TBB 7.0a3 that entering

document.createElement("canvas").getContext("experimental-webgl").getSupportedExtensions();

in a content JS console returns an empty array.

We could postpone this ticket again to ff59-esr, but as long as we are disabling all extensions, I think the conclusion will be the same. Setting to needs_review to see if my colleagues want to keep this ticket open.

comment:5 in reply to:  4 Changed 16 months ago by gk

Keywords: ff59-esr added; ff52-esr tbb-7.0-must-alpha removed
Priority: HighMedium
Status: needs_reviewassigned

Replying to arthuredelstein:

In 52ESR, this extension remains disabled in Beta and Release channels.

Yes. This is gone with Firefox 53, though.

Moreover, in Tor Browser, we have pref("webgl.disable-extensions", true), which means that all webgl extensions are disabled (including WEBGL_debug_renderer_info).

To be extra sure, I manually confirmed in TBB 7.0a3 that entering

document.createElement("canvas").getContext("experimental-webgl").getSupportedExtensions();

in a content JS console returns an empty array.

We could postpone this ticket again to ff59-esr, but as long as we are disabling all extensions, I think the conclusion will be the same.

I tend to agree. Might be worth, though, double-checking that this is actually the case (we could review the webgl extensions disabling code then).

comment:6 Changed 7 months ago by gk

Keywords: ff60-esr added; ff59-esr removed

Firefox 60 is the new ESR.

Note: See TracTickets for help on using tickets.