Opened 2 months ago

Last modified 2 months ago

#29745 new defect

Exposed chrome:// resources allow browser version and OS detection [Bug 1534581]

Reported by: flngerprlnt Owned by: tbb-team
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-fingerprinting
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

The default permissions defined in the chrome.manifest file allow specific paths to be called from any web page. For example, chrome://browser/content/* or chrome://global/content/*.

For references see https://bugzilla.mozilla.org/show_bug.cgi?id=1534581

Child Tickets

Attachments (1)

demo2.png (373.0 KB) - added by flngerprlnt 2 months ago.
Detection examples and code inspection

Download all attachments as: .zip

Change History (2)

Changed 2 months ago by flngerprlnt

Attachment: demo2.png added

Detection examples and code inspection

comment:1 Changed 2 months ago by gk

Component: - Select a componentApplications/Tor Browser
Keywords: tbb-fingerprinting added; version os detection fingerprinting chrome resources removed
Owner: set to tbb-team
Priority: MediumHigh
Note: See TracTickets for help on using tickets.