Closed Bug 1693212 Opened 4 years ago Closed 1 year ago

getClientRects plus CSS Animation can synthesize a RAF-interval-resolution timing probe

Categories

(Core :: DOM: Security, defect, P3)

Product:
Core
Component:
DOM: Security
Type:
defect

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: jgilbert, Unassigned)

References

Details

(Keywords: sec-low, Whiteboard: [domsecurity-backlog][fingerprinting])

Attachments

(1 file)

css-animation-timer.html
2.36 KB, text/html
Details

Here's a proof-of-concept for using a CSS Animation with getClientRects to synthesize a timestamp at better resolution than our RFP 100ms truncate mitigation should allow.

This is related to an idea I had in bug 1692609 to use RAF interval as our truncation granularity for RFP.

Maybe this doesn't warrant being a sec bug, but it's a subversion of our timer mitigations.

tjr: If this can be public we can open it up. Up to you!

Group: core-security → dom-core-security
Severity: -- → S3
Flags: needinfo?(tom)
Priority: -- → P3

Oops, I guess I missed adding the needinfo!

From some of the comments elsewhere, it sounds like we chosen to deliberately not mitigated this, which is fine. (this problem sort of goes away with the 60hz-time-atom patch in bug 1692609)

FWIW, I am fine with opening that up (if that is the question).

Flags: needinfo?(tom)
Whiteboard: [domsecurity-backlog][fingerprinting]
Group: dom-core-security

I think we can close this, yes?

Thanks!

Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: