Opened 10 months ago

Closed 3 months ago

#25794 closed defect (fixed)

Sanitize PointerEvent

Reported by: arthuredelstein Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-8.0-issues, tbb-regression, tbb-fingerprinting, TorBrowserTeam201812R
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description (last modified by arthuredelstein)

Simon alerted me to the fact that PointerEvents have been enabled in Firefox 59 (https://bugzilla.mozilla.org/show_bug.cgi?id=1411467). We should sanitize events these under privacy.resistFingerprinting = true.

https://developer.mozilla.org/en-US/docs/Web/API/Pointer_events

Child Tickets

Change History (11)

comment:1 Changed 10 months ago by arthuredelstein

Description: modified (diff)
Keywords: tbb-fingerprinting added

comment:3 Changed 9 months ago by arthuredelstein

Description: modified (diff)

comment:4 Changed 5 months ago by gk

Keywords: tbb-8.0-issues tbb-regression TorBrowserTeam201809 added; ff60-esr removed

I guess we should disable that for now and enable it again when switching to esr68. I am amenable testing it in 8.5aX as well and shipping it in 8.5.

comment:5 Changed 5 months ago by gk

Keywords: TorBrowserTeam201810 added; TorBrowserTeam201809 removed

Moving tickets to October

comment:6 Changed 4 months ago by gk

Keywords: TorBrowserTeam201811 added; TorBrowserTeam201810 removed

Moving our tickets to November.

comment:7 in reply to:  4 Changed 3 months ago by gk

Replying to gk:

I guess we should disable that for now and enable it again when switching to esr68. I am amenable testing it in 8.5aX as well and shipping it in 8.5.

https://bugzilla.mozilla.org/show_bug.cgi?id=1492766 landed, but all in all that looks like a ton to backport. Let's disable it for now.

comment:8 Changed 3 months ago by gk

Keywords: TorBrowserTeam201811R added; TorBrowserTeam201811 removed
Status: newneeds_review

bug_25794_v2 (https://gitweb.torproject.org/user/gk/tor-browser.git/commit/?h=bug_25794_v2&id=53880c99aef73b446796e1261149e7635c2913da) has a fix for review. Pointer events are disabled on mobile, so we are good from that perspective already.

comment:9 Changed 3 months ago by gk

Keywords: TorBrowserTeam201812R added; TorBrowserTeam201811R removed

Move review tickets to Decemeber.

comment:10 Changed 3 months ago by mcs

r=brade, r=mcs
The patch looks good.

comment:11 Changed 3 months ago by gk

Resolution: fixed
Status: needs_reviewclosed

Thanks. Cherry-picked to tor-browser-60.3.0esr-8.5-1 (commit c20210b1a017c4e94157c1acfbef18e878202ff4) and tor-browser-60.3.0es-8.0-1 (commit 3c03aad30d2b2b0e92359f15a1a95cfb2354544e). I opened #28729 for thinking about how we should deal with that for Firefox 68 ESR.

Note: See TracTickets for help on using tickets.