There's at least one way to do this; maybe more. I'm hopeful that fixing this instance would fix all other issues.
The new window test on https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#screen will be able to grab the viewport sizes before letterboxing is applied.
Note that with RFP enabled, the popup is fixed to a (max) size of 1000x1000 and the test will grab that value. But it's coincidental that 1000x1000 is also the letterboxed value. You can observe this test succeeding in stealing the real viewport size by either disabling RFP, or setting privacy.resistFingerprinting.letterboxing.dimensions to something like 500x500.
So with RFP enabled, and all other settings default, we are protected from this by luck.
But if the user has set browser.link.open_newwindow.restriction to, for example, open windows in a new tab - then we are not protected because we'll be grabbing the viewport size.