Opened 14 months ago

Closed 12 months ago

Last modified 12 months ago

#31667 closed defect (duplicate)

NAvigator object leaking OS, again?

Reported by: op_mb Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description (last modified by gk)

hey all,

tor browser version 8.5.5 in tails os, navigator object leaks OS,

you need to modify these


here's the ticket (with pics), they redirected me to you:
(look at the pics i uploded there)

i've read the other tickets here, about fingerprinting, point is, that, automated scripts will vector attacks based on platform, so this is just opening an attack vector


Child Tickets

Change History (6)

comment:1 Changed 14 months ago by op_mb

p.s.: Bug 26146: Spoof HTTP User-Agent header for desktop platforms

propose on/off button "... to allow access to the actual OS via JavaScript, since doing so improves compatibility with web applications such as GitHub and Google Docs."

p.p.s. i know some forms dont load, like on youtube for example, if navigator.spoofed == true (lol)


comment:2 Changed 14 months ago by op_mb


even though on/off button can be an overkill,
overriding the navigator object has no implact on github or other services that ive encountered, unless its googgle

final cheers!

comment:3 Changed 14 months ago by op_mb

correction: on/off button for Navigator object

comment:4 Changed 12 months ago by boklm

Component: ApplicationsApplications/Tor Browser
Owner: set to tbb-team
Resolution: duplicate
Status: newclosed
Version: Tor: unspecified

This is a duplicate of #28290.

comment:5 Changed 12 months ago by cypherpunks

There's an unclosed <em> tag in the description -- I hope this is not an XSS bug?

comment:6 Changed 12 months ago by gk

Description: modified (diff)
Note: See TracTickets for help on using tickets.