Skip to content
Snippets Groups Projects
Closed Block Components.lookupMethod in TorBrowser
  • View options
  • Block Components.lookupMethod in TorBrowser

    • View options
  • Closed created by Mike Perry

    It appears that EMCAScript 5 added official support for hooking JS objects for protection against XSS. However Firefox seems to have left a backdoor to undo these hooks in the form of Components.lookupMethod, which is marked "unconfigurable" (which means it cannot be hooked).

    We should remove this bit, and/or neuter this API in TorBrowser. This should allow us to safely write JS hooks to deal with fingerprinting issues in the window object and the DOM.

    Attributes

    Activity

    • All activity
    • Comments only
    • History only
    • Newest first
    • Oldest first