Patch Firefox to alter window.screen directly

Georg Koppen found a race condition in our Javascript hook application that allows the hooks to be bypassed. Right now, they only exist to project window.screen and associated resolution information, so we can probably just replace them with a patch.

added actualpoints::6 component::firefox patch issues interview owner::mikeperry priority::very high resolution::fixed status::closed tbb-fingerprinting type::defect labels

Trac:
Cc: N/A to g.koppen@jondos.de

See #5857 (closed) for the alternative to keep hooking functionality around.

Trac:
Keywords: MikePerry201205 deleted, MikePerry201206 added

Note to self: Don't forget about MediaElement too, for full screen mode.

More notes to self: If we spoof display depth in window.screen, we should also spoof a matching value in WebGLContext::GetContextAttributes().

Trac:
Keywords: MikePerry201206 deleted, N/A added

Some additional attributes wrt device orientation here: https://bugzilla.mozilla.org/show_bug.cgi?id=720794. I think they're mostly harmless, though.

Ditto for screen orientation locking: https://bugzilla.mozilla.org/show_bug.cgi?id=740188

Firefox 15 just made all of these immutable from script, so our old js hooks are totally useless now. We need to get this done before the next ESR release at least (FF17).

Trac:
Priority: major to critical

This will interest you:

https://bugzilla.mozilla.org/show_bug.cgi?id=787296

Cool, thanks. We already have a patch for the styles case, actually: https://gitweb.torproject.org/torbrowser.git/blob/maint-2.2:/src/current-patches/firefox/0010-Limit-device-and-system-specific-CSS-Media-Queries.patch

That one's safe but did you try the test script? TorBrowser is also vulnerable to the system color and font reading.

cypherpunks: The font issue should already be mitigated by #2872 (closed). We have some improvements planned in #5798 (moved). For system color (by which I assume you mean min-color and screen bitwith), I've created #6786 (closed).

We should also remember to handle window.screen's colorDepth information here.

As a general FYI: gk has some additional automated mozmill test cases in #5920 (moved). We're still trying to figure out what to do with those.

Err, the tests are in #5290 (moved).

That's not what I mean. It shows those issues, but also some completely different ones. Look at the test case.

Trac:
Keywords: N/A deleted, interview added

And they backported this to 10.0.8-ESR, breaking our hooks there too.

The good news is that one of our browser hacker interview candidate teams has written this fix for us. We should be able to use their patch in the next TBB release.

https://gitweb.torproject.org/torbrowser.git/blob/maint-2.2:/src/current-patches/firefox/0023-Do-not-expose-physical-screen-info.-via-window-and-w.patch

Trac:
Resolution: N/A to fixed
Actualpoints: N/A to 6
Status: new to closed

closed

added 48h of time spent

mentioned in issue #5857 (closed)

mentioned in issue #6420 (closed)

mentioned in issue #6737 (closed)

mentioned in issue #7006 (closed)

mentioned in issue #7214 (closed)

mentioned in issue #12924 (moved)

mentioned in issue #13875 (moved)

mentioned in issue #14205 (moved)

mentioned in issue #14985 (moved)

mentioned in issue #15197 (moved)

mentioned in issue #16577 (moved)

mentioned in issue tpo/applications/tor-browser#12924 (closed)

mentioned in issue tpo/applications/tor-browser#15197 (closed)

mentioned in issue tpo/applications/tor-browser#16577 (moved)

mentioned in issue tpo/applications/tor-browser-bundle-testsuite#40050