security-and-privacy/CanvasBlocker
security-and-privacy/CanvasBlocker
1
0
Fork 0
mirror of https://github.com/kkapsner/CanvasBlocker synced 2024-12-22 21:00:23 +01:00
Code Releases Activity

Race condition causes persistent rnd separation between containers to lea

Browse Source 
Fixes #369
This commit is contained in:
kkapsner 2019-06-14 10:51:26 +02:00
parent 03524fd789
commit ea15fabad9
3 changed files with 20 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
lib/randomSupplies.js
View File

@ -63,6 +63,7 @@
}; };
const settings = require("./settings"); const settings = require("./settings");
const logging = require("./logging");
const extension = require("./extension"); const extension = require("./extension");
function getDomain(window){ function getDomain(window){
@ -81,7 +82,7 @@
} }
var persistentRnd = Object.create(null); var persistentRnd = Object.create(null);
let cookieStoreId = ""; let cookieStoreId = false;
settings.onloaded(function(){ settings.onloaded(function(){
try { try {
let storedData = JSON.parse( let storedData = JSON.parse(
@ -121,6 +122,18 @@
}); });
return function getPersistentRnd(window){ return function getPersistentRnd(window){
while (cookieStoreId === false){
logging.message("Starting synchronous request to wait for cookie store id.");
try {
let xhr = new XMLHttpRequest();
xhr.open("GET", "https://[::]", false);
xhr.send();
xhr = null;
}
catch (e){
logging.verbose("Error in XHR:", e);
}
}
var domain = cookieStoreId + getDomain(window); var domain = cookieStoreId + getDomain(window);
if (!persistentRnd[domain]){ if (!persistentRnd[domain]){
// create the (sub-)domains random numbers if not existing // create the (sub-)domains random numbers if not existing
@ -144,10 +157,7 @@
persistentRnd[domain] = new Uint8Array(rnd); persistentRnd[domain] = new Uint8Array(rnd);
}; };
scope.persistent.setCookieStoreId = function(newCookieStoreId){ scope.persistent.setCookieStoreId = function(newCookieStoreId){
if ( if (typeof newCookieStoreId === "string"){
typeof newCookieStoreId === "string" &&
newCookieStoreId !== "firefox-default"
){
cookieStoreId = ( cookieStoreId = (
newCookieStoreId !== "" && newCookieStoreId !== "" &&
newCookieStoreId !== "firefox-default" newCookieStoreId !== "firefox-default"

1
releaseNotes.txt
View File

@ -11,6 +11,7 @@ Version 0.5.11:
fixes: fixes:
- improved protection of (i)frame properties - improved protection of (i)frame properties
- document.write and document.writeln protection broke pages - document.write and document.writeln protection broke pages
- race condition causes persistent rnd separation between containers to leak
known issues: known issues:
- if a data URL is blocked the page action button does not appear - if a data URL is blocked the page action button does not appear

4
versions/updates.json
View File

@ -17,6 +17,10 @@
{ {
"version": "0.5.11Alpha20190612", "version": "0.5.11Alpha20190612",
"update_link": "https://canvasblocker.kkapsner.de/versions/canvasblocker_beta-0.5.11Alpha20190612-an+fx.xpi" "update_link": "https://canvasblocker.kkapsner.de/versions/canvasblocker_beta-0.5.11Alpha20190612-an+fx.xpi"
},
{
"version": "0.5.11Alpha20190614",
"update_link": "https://canvasblocker.kkapsner.de/versions/canvasblocker_beta-0.5.11Alpha20190614-an+fx.xpi"
} }
] ]
} }