Skip to content
GitLab
Projects Groups Topics Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • Trac Trac
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Issues 246
    • Issues 246
    • List
    • Boards
    • Service Desk
    • Milestones
  • Monitor
    • Monitor
    • Metrics
    • Incidents
  • Analytics
    • Analytics
    • Value stream
  • Wiki
    • Wiki
  • Activity
  • Create a new issue
  • Issue Boards
Collapse sidebar
  • Legacy
  • TracTrac
  • Issues
  • #2874
Closed
Open
Issue created Apr 09, 2011 by Mike Perry@mikeperry

Block access to Components.interfaces from content script

Components.interfaces can be used to fingerprint browser user agent down to OS and minor version. This might not be a lot of data for fingerprinting (depending on how well we keep users upgraded), but it certainly is a concern for targeting exploit payloads against a particular OS and version combo.

Here's an (outdated) PoC: http://pseudo-flaw.net/tor/torbutton/fingerprint-firefox.html

Here's the Firefox bug for this: https://bugzilla.mozilla.org/show_bug.cgi?id=429070

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking