Opened 2 months ago

Closed 2 months ago

Last modified 2 months ago

#30802 closed defect (duplicate)

DOMParser errors leak locale

Reported by: acat Owned by: tbb-team
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-fingerprinting-locale
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

While writing a test for #30304 I found (yet) another way to get browser locale:

const doc = (new DOMParser).parseFromString('getyourlocale', 'application/xhtml+xml');
alert(doc.getElementsByTagName('parsererror')[0].firstChild.textContent);

test: https://acatarineu.github.io/fp/locale_domparser_error.html

Child Tickets

Change History (5)

comment:1 Changed 2 months ago by acat

Starting to think there are might be too many of these that we still don't know of. Perhaps apart from fixing the remaining tbb-fingerprinting-locale issues, we could investigate a bit to see if we can find more localized errors/properties exposed to web content.

comment:2 Changed 2 months ago by gk

Is that a duplicate of #30683? (See: https://people.torproject.org/~gk/tests/tor_domparser_locale_leak.html and the second example on the ticket)

comment:3 Changed 2 months ago by acat

Resolution: duplicate
Status: newclosed

Oh, how embarrassing, did not see that one :)

comment:4 Changed 2 months ago by acat

#30683 is a duplicate.

comment:5 Changed 2 months ago by cypherpunks

#30683 is a duplicate.

No. This ticket is a duplicate of #30683 ;)

Note: See TracTickets for help on using tickets.