  • #2873
Closed
Open
Created Apr 09, 2011 by Mike Perry (@mikeperry)

Block Components.lookupMethod in TorBrowser

It appears that ECMAScript 5 added official support for hooking JS objects for protection against XSS. However, Firefox seems to have left a backdoor to undo these hooks in the form of Components.lookupMethod, which is marked "unconfigurable" (which means it cannot be hooked).

We should remove this bit, and/or neuter this API in TorBrowser. This should allow us to safely write JS hooks to deal with fingerprinting issues in the window object and the DOM.
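
An added example, not part of the original issue and not Tor Browser code: a self-test for the kind of ES5 hook the issue has in mind, run against a constructed stand-in for a DOM object. All names and values (`makeFakeScreen`, `installWeakHook`, `installLockedHook`, `auditHook`, the widths) are assumptions made for illustration. It covers only what ES5 itself can lock; Components.lookupMethod, which the issue describes as undoing such hooks, sits outside this model.

```javascript
// Constructed stand-in for a DOM object such as window.screen: the "native"
// accessor lives on the prototype, as it does for DOM interfaces.
const REAL_WIDTH = 1920;    // constructed sample value
const SPOOFED_WIDTH = 1000; // constructed sample value

function makeFakeScreen() {
  const proto = {};
  Object.defineProperty(proto, 'width', {
    get() { return REAL_WIDTH; }, configurable: true, enumerable: true,
  });
  return Object.create(proto);
}

// Weak hook: shadows the accessor on the instance and leaves it configurable.
function installWeakHook(obj) {
  Object.defineProperty(obj, 'width', {
    get() { return SPOOFED_WIDTH; }, configurable: true, enumerable: true,
  });
}

// Locked hook: replaces the accessor where it lives (the prototype) and marks
// it non-configurable, so the original getter is no longer stored on the object.
function installLockedHook(obj) {
  Object.defineProperty(Object.getPrototypeOf(obj), 'width', {
    get() { return SPOOFED_WIDTH; }, configurable: false, enumerable: true,
  });
}

// Self-test for hook authors. Returns the names of the checks the hook failed;
// an empty array means the hook held against everything tried here.
function auditHook(obj) {
  const proto = Object.getPrototypeOf(obj);
  const checks = {
    // Removing an own-property hook must not expose the real value.
    deleteOwn() {
      try { delete obj.width; } catch (e) { /* non-configurable own property */ }
      return obj.width === REAL_WIDTH;
    },
    // The accessor stored on the prototype must not be the original one.
    protoGetter() {
      const desc = Object.getOwnPropertyDescriptor(proto, 'width');
      return Boolean(desc && desc.get) && desc.get.call(obj) === REAL_WIDTH;
    },
    // The accessor on the prototype must be non-configurable.
    configurable() {
      return Object.getOwnPropertyDescriptor(proto, 'width').configurable;
    },
  };
  return Object.keys(checks).filter((name) => checks[name]());
}
```

The audit mutates the object it inspects (it deletes an own-property hook), so run it on a fresh object rather than one still in use.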
