#26611 closed defect (fixed)

verify no locale leaks in ESR60 `Intl` APIs

Reported by: mcs
Owned by: tbb-team
Priority: High
Milestone:
Component: Applications/Tor Browser
Version:
Severity: Normal
Keywords: tbb-fingerprinting, ff60-esr, TorBrowserTeam201808R
Cc: arthuredelstein
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Change History (6)

comment:1 Changed 18 months ago by arthuredelstein

Cc: arthuredelstein added

comment:2 Changed 18 months ago by gk

Priority: Medium → Immediate

Bumping prio.

comment:3 Changed 18 months ago by gk

Priority: Immediate → High

comment:4 Changed 17 months ago by gk

Keywords: TorBrowserTeam201808 added; TorBrowserTeam201807 removed

Move our tickets to August.

comment:5 in reply to:  description Changed 16 months ago by arthuredelstein

Keywords: TorBrowserTeam201808R added; TorBrowserTeam201808 removed
Status: new → needs_review

Replying to mcs:

Several new Intl APIs and enhancements to existing APIs were added during the ESR60 development cycle. We should review the changes to make sure locale info, etc. is not leaked when privacy.resistFingerprinting is true.

In general, the Intl APIs use the apparent system locale. "javascript.use_us_english" and "privacy.spoof_english" already cause the system locale to be overridden for Firefox so that previous APIs correctly behaved as though the locale were "en-US".

But I wanted to make sure that the new APIs also followed the same mechanism. So I ran manual tests for each. I opened a blank page and entered test inputs into the content console for two values of "privacy.spoof_english":

See:
https://bugzilla.mozilla.org/show_bug.cgi?id=1403318
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/PluralRules

privacy.spoof_english | new Intl.PluralRules().resolvedOptions().locale
1 | "de"
2 | "en-US"

https://bugzilla.mozilla.org/show_bug.cgi?id=1403319
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/NumberFormat/formatToParts

privacy.spoof_english | Intl.NumberFormat().formatToParts(1000)[1]
1 | Object { type: "group", value: "." }
2 | Object { type: "group", value: "," }

https://bugzilla.mozilla.org/show_bug.cgi?id=1386146
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DateTimeFormat

privacy.spoof_english | new Intl.DateTimeFormat(undefined, {hour: "numeric"}).resolvedOptions().hourCycle
1 | "h23"
2 | "h12"

So the manual tests appear to confirm that these new APIs are correctly spoofing the locale. I also opened a Bugzilla bug to propose the idea of adding some regression tests: https://bugzilla.mozilla.org/1486258

Setting to "needs review" for a second opinion. :)

comment:6 Changed 16 months ago by gk

Resolution: fixed
Status: needs_review → closed

Thanks, looks good!
