Opened 7 years ago

Closed 3 years ago

Last modified 3 years ago

#7130 closed defect (fixed)

Canvas image data is blocked from chrome (such as NoScript's ClearClick)

Reported by: mikeperry Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: noscript
Cc: g.koppen@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Something about how Chrome callers (especially NoScript) can create canvases can leave them without any window or context for their owner document for ThirdPartyUtil::GetFirstPartyURI(). In #7128, we just hacked the GetFirstPartyURI call to return failure, which in turn should block permissions to the canvas.

However, the ideal solution is probably to either check IsChrome() or otherwise find some way to exempt NoScript.

It's possible that we break NoScript's ClearClick protections because of this issue.

Child Tickets

Change History (7)

comment:1 Changed 7 years ago by mikeperry

Summary: Canvas image data is blocked from chrome callersCanvas image data is blocked from chrome (such as NoScript's ClearClick)

Technically, this actually breaks NoScript's ClearClick protections, but I have not noticed NoScript ever successfully blockeding a real clickjack with ClearClick.. And I have been clickjacked..

If I'm wrong, and ClearClick actually does block real clickjack vectors in a normal Firefox, perhaps this ticket should be bumped to major or higher. It could be that other TBB changes also break ClearClick..

comment:2 Changed 7 years ago by gk

Cc: g.koppen@… added

comment:3 Changed 5 years ago by erinn

Keywords: tbb-firefox-patch added

comment:4 Changed 5 years ago by erinn

Component: Firefox Patch IssuesTor Browser
Owner: changed from mikeperry to tbb-team

comment:5 Changed 3 years ago by bugzilla

Keywords: noscript added; tbb-firefox-patch removed
Severity: Normal
Status: newneeds_information

Giorgio, what do you think about it?

comment:6 Changed 3 years ago by gk

Resolution: fixed
Status: needs_informationclosed

This got fixed by #13439 I think. (note, though, that we had to disable ClearClick, see #14985 for details).

comment:7 Changed 3 years ago by bugzilla

The question is about comment:1.

Note: See TracTickets for help on using tickets.