Tor Browser improperly handles Javascript screen properties
Tor Browser improperly handles some Javascript properties.
screen.height
and screen.width
are returning window.innerHeight
and window.innerWidth
values.
It can be used eg. to enumerate Tor Browser globally and ofc. it can break some scripts on particular pages.
Retro steps:
- Open Tor Browser
- Don't maximize browser window, enable js (if disabled)
- Load a web page
- Go to Javascript console
- Type screen.height
- You will see the window height instead of the screen height (eg. 500 instead of 1080 px in full hd).
Tested on: Tor Browser Bundle 3.6.6 (Firefox ESR 24.8.1) - OS X and Windows 64 bit version
Trac:
Username: vizzdoom