Opened 9 days ago

Last modified 9 days ago

#31667 new defect

NAvigator object leaking OS, again?

Reported by: op_mb Owned by:
Priority: Medium Milestone:
Component: Applications Version: Tor: unspecified
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


hey all,

tor browser version 8.5.5 in tails os, navigator object leaks OS,

you need to modify these


here's the ticket (with pics), they redirected me to you:
(look at the pics i uploded there)

i've read the other tickets here, about fingerprinting, point is, that, automated scripts will vector attacks based on platform, so this is just opening an attack vector


Child Tickets

Change History (3)

comment:1 Changed 9 days ago by op_mb

p.s.: Bug 26146: Spoof HTTP User-Agent header for desktop platforms

propose on/off button "... to allow access to the actual OS via JavaScript, since doing so improves compatibility with web applications such as GitHub and Google Docs."

p.p.s. i know some forms dont load, like on youtube for example, if navigator.spoofed == true (lol)


comment:2 Changed 9 days ago by op_mb


even though on/off button can be an overkill,
overriding the navigator object has no implact on github or other services that ive encountered, unless its googgle

final cheers!

comment:3 Changed 9 days ago by op_mb

correction: on/off button for Navigator object

Note: See TracTickets for help on using tickets.