Skip to content

Tor Browser crashes when extensions popups are opened with Wayland enabled

Summary

Summarize the bug encountered concisely. I have MOZ_ENABLE_WAYLAND=1 set in my environment in order to hint my FireFox installation to use Wayland. With this environment variable set, Tor Browser consistently crashes when trying to open NoScript from pinned extensions menu. I haven't tried to reproduce this with other extensions as it can potentially create a unique fingerprint for me.

Steps to reproduce:

How one can reproduce the issue - this is very important.

  1. Install Tor Browser from torproject.org/torbrowser-launcher.
  2. Launch tor browser with MOZ_ENABLE_WAYLAND=1 set as environment variable.
  3. Pin NoScript to extensions toolbar from Settings
  4. Try opening the NoScript extension.
  5. The Tor Browser crashes with no feedback to the user about why the crash occured

What is the current bug behavior?

What actually happens. Tor Browser crashes without any feedback to the end user. This can be frustrating or also lead people into believing that they have been infected with malware/or they have been compromised. I think this behaviour got introduced with the last update a day or two ago, as I remember opening the NoScript extension once without any issues (not sure if I actually did use NoScript before, as my FireFox installation also has NoScript and I have used both browsers side by side so I might have hallucinated)

What is the expected behavior?

What you want to see instead Tor Browser should not crash with MOZ_ENABLE_WAYLAND=1 set. I guess this bug is fixed in later versions of Firefox as I have never come across any crash with Wayland on my FireFox setup. I have been forcing FireFox to use Wayland since a long time and use plugins all the time, and also access them. Since Tor Browser is based on ESR, it might be missing the necessary bug fixes for the same.

Additionally, I think Tor Browser should ignore MOZ_ENABLE_WAYLAND=1 atleast for the time Wayland is not mainstream, as it can lead to fingerprinting based on specific behavior caused by the display protocol in use, especially with JavaScript enabled. I'm not sure how the fingerprinting would work, but surely changing the display protocol would bring about some specific behavior which may be detected by sophisticated JavaScript.

Environment

Which operating system are you using? For example: Debian GNU/Linux 10.1, Windows 10, Ubuntu Xenial, FreeBSD 12.2, etc. Which installation method did you use? Distribution package (apt, pkg, homebrew), from source tarball, from Git, etc.

  • Tor Browser installed with torbrowser-launcher/torproject.org from extras repository on Arch Linux with KDE Plasma 5 Wayland session (all packages up to date)
  • Tor Browser installed with torbrowser-launcher/torproject.org from extras repository on Arch Linux with GNOME Wayland session (this one's pretty much stock with no modifications at all unlike my Plasma 5 session)

Relevant logs and/or screenshots

I don't know how to obtain logs for the Tor Browser, even when trying to launch Tor Browser from the terminal, Tor Browser seems to (rightfully) detach itself from the terminal, so I could not obtain logs. And for the screenshots, there is simply no point as no feedback is made available to the user. Screen-recording was an option but I do not want to reveal my Tor Browser and/or my Desktop Environment config