Closed Bug 1560574 Opened 5 years ago Closed 5 years ago

ftp:// on Windows can be used to leak the system time zone (Tor 30800)

Categories

(Core Graveyard :: Networking: FTP, enhancement, P2)

Tracking

(firefox70 fixed)

RESOLVED FIXED
mozilla70

People

(Reporter: xeonchen, Assigned: xeonchen)

References

(Blocks 1 open bug)

Details

(Whiteboard: [fingerprinting][tor 30800] [necko-triaged])

Attachments

(1 file)

Tor 30800 reports that there's a potential fingerprinting issue on non-Windows platforms.

When using the ftp:// protocol, directory listings contain timestamps converted to the system timezone. These timestamps can be extracted by a script on a same-origin FTP-hosted HTML page, allowing detection of a user's system timezone.

Whiteboard: [fingerprinting][tor-30800] → [fingerprinting][tor-30800] [necko-triaged]
Whiteboard: [fingerprinting][tor-30800] [necko-triaged] → [fingerprinting][tor 30800] [necko-triaged]

I tested the patch and it works for me. Do we actually know why only Windows is affected?

(In reply to Georg Koppen from comment #2)

I tested the patch and it works for me. Do we actually know why only Windows is affected?

Timezone info isn't specified here, so the parsing here might have a different result, whereas PRTime should always use GMT and be timezone-free.

I've updated the patch, and I think it makes more sense even on other platforms.

FWIW, I tested by visiting ftp://ftp.freebsd.org/ and I found that switching privacy.resistFingerprinting on/off doesn't affect the timezone displayed here until Firefox is restarted. But in this bug I'm trying to make the content in view-source:ftp://ftp.freebsd.org/ stable on all platforms.

(In reply to Gary Chen [:xeonchen] from comment #4)

... I found that switching privacy.resistFingerprinting on/off doesn't affect the timezone displayed here until Firefox is restarted

Gary: FYI: see bug 1491343# comment8 re RFP flipping & TZ spoofing - maybe this needs its own bug (and tracked/linked in bug 1414162)

(In reply to Simon Mainey from comment #5)

(In reply to Gary Chen [:xeonchen] from comment #4)

... I found that switching privacy.resistFingerprinting on/off doesn't affect the timezone displayed here until Firefox is restarted

Gary: FYI: see bug 1491343# comment8 re RFP flipping & TZ spoofing - maybe this needs its own bug (and tracked/linked in bug 1414162)

Update on current status:
After applying this patch, macOS will always display GMT time regardless of whether privacy.resistfingerprinting is enabled or disabled. I haven't tested on Linux.

I suspect that what Simon mentioned is the root cause of my current patch not working properly on Mac. I didn't notice this because I was debugging with e10s disabled, which makes everything work well, including dynamically switching privacy.resistfingerprinting and reloading the FTP site.

(In reply to Gary Chen [:xeonchen] from comment #6)

After applying this patch, macOS will always display GMT time regardless of whether privacy.resistfingerprinting is enabled or disabled. I haven't tested on Linux.

It turns out that PR_LocalTimeParameters returns a different value in the content process on macOS, and this is caused by the sandbox.

Depends on: 1564434

IMHO: directory-listing pages are browser-generated content. This kind of content (except about:blank) should simply be forbidden for scripts and CSS to access.

Pushed by xeonchen@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/c4beb9353658
use FormatPRExplodedTime to display GMT; r=kershaw
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla70
See Also: → 1813066
Product: Core → Core Graveyard
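
The behaviour this bug fixes, as an added example that is not part of the original bug or the Mozilla patch: a listing timestamp rendered through the system time zone changes with the zone, while one always broken down as GMT does not. It uses standard C `localtime_r`/`gmtime_r` in place of NSPR; the function names, the TZ strings and the sample mtime are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* Constructed sample data: POSIX-style TZ strings (no tzdata needed). */
static const char *const SAMPLE_ZONES[] = { "UTC0", "JST-9", "EST5" };
static const time_t SAMPLE_MTIME = 1561161600; /* 2019-06-22 00:00:00 GMT */

/* Render an entry's mtime as a listing page would, with the process time zone
 * forced to `tz`. use_gmt == 0 converts through the system zone (the leaky
 * behaviour); use_gmt != 0 always breaks the time down as GMT. */
static int format_listing_time(const char *tz, time_t mtime, int use_gmt,
                               char *out, size_t n)
{
    struct tm tm;
    if (setenv("TZ", tz, 1) != 0)
        return -1;
    tzset();
    if (use_gmt ? !gmtime_r(&mtime, &tm) : !localtime_r(&mtime, &tm))
        return -1;
    return strftime(out, n, "%Y-%m-%d %H:%M:%S", &tm) ? 0 : -1;
}

/* Regression check: 1 if the rendered text is identical under every zone,
 * 0 if it varies (the listing reveals the zone), -1 on error. */
static int listing_is_tz_stable(time_t mtime, int use_gmt,
                                const char *const *zones, size_t count)
{
    char first[32] = "", cur[32];
    for (size_t i = 0; i < count; i++) {
        if (format_listing_time(zones[i], mtime, use_gmt, cur, sizeof cur) != 0)
            return -1;
        if (i == 0)
            strcpy(first, cur);
        else if (strcmp(first, cur) != 0)
            return 0;
    }
    return 1;
}

int main(void)
{
    printf("local stable: %d, GMT stable: %d\n",
           listing_is_tz_stable(SAMPLE_MTIME, 0, SAMPLE_ZONES, 3),
           listing_is_tz_stable(SAMPLE_MTIME, 1, SAMPLE_ZONES, 3));
    return 0;
}
```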