Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#2873 closed enhancement (fixed)

Block Components.lookupMethod in TorBrowser

Reported by: mikeperry
Owned by: mikeperry
Priority: Medium
Milestone:
Component: Firefox Patch Issues
Version:
Severity:
Keywords: MikePerryIterationFires20110529, backport-to-mozilla
Cc: g.koppen@…, lunar@…
Actual Points: 2
Parent ID: #2871
Points: 4
Reviewer:
Sponsor:

Description

It appears that ECMAScript 5 added official support for hooking JS objects for protection against XSS. However, Firefox seems to have left a backdoor to undo these hooks in the form of Components.lookupMethod, which is marked "unconfigurable" (which means it cannot be hooked).

We should remove this bit, and/or neuter this API in TorBrowser. This should allow us to safely write JS hooks to deal with fingerprinting issues in the window object and the DOM.
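
What "unconfigurable" means for hooking, as an added example that is not part of the ticket or of Tor Browser's code: a getter on a constructed stand-in object is hooked with `Object.defineProperty`, while a property defined with `configurable: false` rejects the same hook. The sample object and the names `width` and `lockedMethod` are assumptions made for the illustration.

```javascript
// Walk the prototype chain to the object that actually defines `prop`.
function findDescriptor(obj, prop) {
  for (let o = obj; o !== null; o = Object.getPrototypeOf(o)) {
    const desc = Object.getOwnPropertyDescriptor(o, prop);
    if (desc) return { owner: o, desc };
  }
  return null;
}

// Preflight check: hookable if configurable, or a writable data property.
function canHook(obj, prop) {
  const found = findDescriptor(obj, prop);
  return !!found && (found.desc.configurable || found.desc.writable === true);
}

// Replace a getter or method with wrap(original). Returns false when the
// engine refuses the redefinition, i.e. the property is "unconfigurable".
function installHook(obj, prop, wrap) {
  const found = findDescriptor(obj, prop);
  if (!found) return false;
  const { owner, desc } = found;
  const next = "get" in desc
    ? { ...desc, get: wrap(desc.get) }
    : { ...desc, value: wrap(desc.value) };
  try { Object.defineProperty(owner, prop, next); return true; }
  catch (e) { if (e instanceof TypeError) return false; throw e; }
}

// Constructed sample standing in for a DOM object (hypothetical names).
function makeSample() {
  const proto = {};
  Object.defineProperty(proto, "width", { get() { return 1920; }, configurable: true });
  Object.defineProperty(proto, "lockedMethod",
    { value() { return "native"; }, writable: false, configurable: false });
  return Object.create(proto);
}

function demo() {
  const obj = makeSample();
  const hookedWidth = installHook(obj, "width", (orig) => function () {
    return Math.round(orig.call(this) / 100) * 100; // coarsen the reported value
  });
  const hookedLocked = installHook(obj, "lockedMethod", () => () => "hooked");
  return { hookedWidth, width: obj.width,
           hookedLocked, locked: obj.lockedMethod() };
}
```
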

Child Tickets

Attachments (1)

components.diff (1.2 KB) - added by mikeperry 8 years ago.
Block access to components.lookupMethod and components.interfaces


Change History (8)

comment:1 Changed 8 years ago by gk

Cc: g.koppen@… added

comment:2 Changed 8 years ago by mikeperry

Points: 4

Blocking and/or changing the attribute of this should be simple. Will of course need to be tested though. Also, some research on why a website might actually need this to function properly is probably a good plan.

comment:3 Changed 8 years ago by mikeperry

Component: Tor bundles/installation → Tor Browser

comment:4 Changed 8 years ago by lunar

Cc: lunar@… added

comment:5 Changed 8 years ago by mikeperry

Keywords: MikePerryIterationFires20110529 added

I think I'm going to try to do this during this iteration. Nickm is going to beat me to stable otherwise! I also expect that just twiddling the property should be simpler than 4 points, but we'll see.

comment:6 Changed 8 years ago by mikeperry

Actual Points: 2
Resolution: fixed
Status: new → closed

I couldn't figure out where the configurable bit was being set for this, but I did successfully disable it.

No prefs for now. We don't need them. I'm also not sure if this is the exact approach Firefox would prefer. It might break less random script if these were present but configurable for us to neuter via content script instead of fully removing it.

Changed 8 years ago by mikeperry

Attachment: components.diff added

Block access to components.lookupMethod and components.interfaces

comment:7 Changed 8 years ago by StrangeCharm

Keywords: backport-to-mozilla added