Opened 6 weeks ago

Last modified 4 weeks ago

#30862 new defect

10ms time precision via EXSLT date-time function

Reported by: gk Owned by: tbb-team
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-fingerprinting-time-highres
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

z3t reported at HackerOne that the EXSLT date-tme function is subverting our patches that set the timing granularity to 100ms. We get at least a 10ms precision that way. PoC is on https://people.torproject.org/~gk/tests/tor_xml_time.html. And see dom/xslt/xslt/txEXSLTFunctions.cpp for the date:date-time implementation.

Child Tickets

Change History (4)

comment:1 Changed 5 weeks ago by cypherpunks

How is this new to #16110 with ~5ms accuracy? Also isn't 100ms too much?

comment:2 Changed 4 weeks ago by gk

Keywords: tbb-fingerprinting-highres added; tbb-fingerprinting removed

comment:3 Changed 4 weeks ago by cypherpunks

It's a tbb-fingerprinting-time or tbb-fingerprinting-time-highres if sub-ms accuracy can be achieved.

comment:4 Changed 4 weeks ago by gk

Keywords: tbb-fingerprinting-time-highres added; tbb-fingerprinting-highres removed
Note: See TracTickets for help on using tickets.