Bug 1693212 (Open)
Opened 4 years ago, Updated 2 years ago
getClientRects plus CSS Animation can synthesize a RAF-interval-resolution timing probe
Categories: Core :: DOM: Security, defect, P3
Status: NEW
Reporter: jgilbert, Unassigned
Keywords: sec-low, Whiteboard: [domsecurity-backlog][fingerprinting]
Attachments (1 file): 2.36 KB, text/html
Here's a proof-of-concept for using a CSS Animation with getClientRects to synthesize a timestamp at better resolution than our RFP 100ms truncate mitigation should allow.
This is related to an idea I had in bug 1692609 to use RAF interval as our truncation granularity for RFP.
Maybe this doesn't warrant being a sec bug, but it's a subversion of our timer mitigations.
tjr: If this can be public we can open it up. Up to you!
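The probe the description sketches, written out as an added example (this is not the bug's attachment and not Mozilla code; the element id, the constants DISTANCE_PX/DURATION_MS, and the function names are assumed for illustration). A linear CSS animation moves a fixed-position element at a known rate; reading its client rect forces a style flush, so the current offset encodes how much time has elapsed since the animation started. Because animations are sampled at refresh-driver ticks, the resulting clock has frame-interval (about 16.7 ms at 60 Hz) resolution, which is still finer than a performance.now() truncated to 100 ms. The pure helpers run anywhere; the DOM part only runs when a document exists.

```javascript
// Added example, not the attachment from this bug: a CSS-Animation +
// getClientRects() timing probe. All names (DISTANCE_PX, DURATION_MS,
// createAnimationClock, ...) are assumed for illustration.

const DURATION_MS = 60000;  // keyframe length; the probe wraps after this
const DISTANCE_PX = 60000;  // 1 px per ms, so offset maps 1:1 onto elapsed ms

// Linear animation: offset travelled / total distance = elapsed / duration.
// Multiply before dividing so integer inputs give exact results.
function positionToElapsedMs(left, startLeft, distancePx, durationMs) {
  return ((left - startLeft) * durationMs) / distancePx;
}

// Smallest positive step between consecutive readings: the effective
// resolution of whatever clock produced them. Infinity means the readings
// never advanced (e.g. all taken inside one synchronous task).
function effectiveResolutionMs(readings) {
  let best = Infinity;
  for (let i = 1; i < readings.length; i++) {
    const step = readings[i] - readings[i - 1];
    if (step > 0 && step < best) best = step;
  }
  return best;
}

// Build the probe: a fixed-position 1x1 element whose `left` is animated
// linearly. getClientRects() forces a style flush, so the value reflects the
// animation as of the latest refresh-driver tick; that is why the clock has
// frame-interval resolution rather than anything finer.
function createAnimationClock(doc) {
  const style = doc.createElement('style');
  style.textContent = `
    @keyframes rfp-probe { from { left: 0px; } to { left: ${DISTANCE_PX}px; } }
    #rfp-probe { position: fixed; top: 0; width: 1px; height: 1px;
                 pointer-events: none; opacity: 0;
                 animation: rfp-probe ${DURATION_MS}ms linear infinite; }`;
  doc.head.appendChild(style);
  const el = doc.createElement('div');
  el.id = 'rfp-probe';
  doc.body.appendChild(el);
  const startLeft = el.getClientRects()[0].left;
  return {
    now: () => positionToElapsedMs(el.getClientRects()[0].left, startLeft,
                                   DISTANCE_PX, DURATION_MS),
    dispose: () => { el.remove(); style.remove(); },
  };
}

// Sample both clocks across separate tasks (the animation does not advance
// inside one synchronous loop) and compare their effective resolutions.
async function compareResolutions(doc, perf, samples = 300) {
  const clock = createAnimationClock(doc);
  const fine = [];
  const coarse = [];
  for (let i = 0; i < samples; i++) {
    fine.push(clock.now());
    coarse.push(perf.now());
    await new Promise((resolve) => setTimeout(resolve, 0));
  }
  clock.dispose();
  return {
    animationMs: effectiveResolutionMs(fine),
    performanceNowMs: effectiveResolutionMs(coarse),
  };
}

// Browser only: in a page with RFP enabled, animationMs should land near the
// frame interval while performanceNowMs reports the truncation granularity.
if (typeof document !== 'undefined' && typeof performance !== 'undefined') {
  compareResolutions(document, performance).then((r) => console.log(r));
}
```

Two caveats for anyone reproducing this: with `infinite` iterations the synthesized clock wraps every DURATION_MS, so readings are elapsed time modulo the animation length; and any mitigation that snaps timestamps to the refresh interval (the direction discussed in bug 1692609) removes the gap this probe exploits, since the animation cannot expose anything finer than a frame.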
Updated•4 years ago
Group: core-security → dom-core-security
Severity: -- → S3
Flags: needinfo?(tom)
Priority: -- → P3
Comment 1•4 years ago (Reporter)
Oops, I guess I missed adding the needinfo!
Comment 2•4 years ago (Reporter)
From some of the comments elsewhere, it sounds like we chose to deliberately not mitigate this, which is fine. (This problem sort of goes away with the 60hz-time-atom patch in bug 1692609.)
Comment 3•4 years ago
FWIW, I am fine with opening that up (if that is the question).
Flags: needinfo?(tom)
Updated•4 years ago
Whiteboard: [domsecurity-backlog][fingerprinting]
Updated•4 years ago
Group: dom-core-security