1 | 1 |
deleted file mode 100644 |
... | ... |
@@ -1,50 +0,0 @@ |
1 |
-- Review of https://developer.mozilla.org/en/Firefox_4_for_developers |
|
2 |
- - Potential proxy issues |
|
3 |
- - DocShell and plugins inside createHTMLDocument? |
|
4 |
- - https://developer.mozilla.org/en/DOM/DOMImplementation.createHTMLDocument |
|
5 |
- - WebSockets? |
|
6 |
- - Media attributes? |
|
7 |
- - "buffered" |
|
8 |
- - "preload" |
|
9 |
- - new codecs? |
|
10 |
- - What the hell is a blob url? |
|
11 |
- - https://developer.mozilla.org/en/DOM/window.createBlobURL |
|
12 |
- - https://developer.mozilla.org/en/DOM/window.revokeBlobURL |
|
13 |
- - Seems only relevent to FS injection.. |
|
14 |
- - WebThreads are OK: |
|
15 |
- - https://developer.mozilla.org/En/Using_web_workers |
|
16 |
- - Network activity blocked by content policy |
|
17 |
- - Fingerprinting issues: |
|
18 |
- - New screen attributes |
|
19 |
- - https://developer.mozilla.org/en/DOM/window.mozInnerScreenX, Y |
|
20 |
- - High Res Animation Timers: |
|
21 |
- - https://developer.mozilla.org/en/DOM/window.mozAnimationStartTime |
|
22 |
- - https://developer.mozilla.org/en/DOM/Animations_using_MozBeforePaint |
|
23 |
- - 50-60hz max.. Can we leverage this? |
|
24 |
- - timeStamps on keystroke events |
|
25 |
- - https://developer.mozilla.org/en/DOM/event.timeStamp |
|
26 |
- - Bounding rectangles -> window sizes? |
|
27 |
- - Maybe not display sizes, but seems possible to fingerprint rendered |
|
28 |
- content size.. ugh. |
|
29 |
- - https://developer.mozilla.org/en/DOM/element.getBoundingClientRect |
|
30 |
- - https://developer.mozilla.org/en/dom:range |
|
31 |
- - CSS resize, media queries, etc.. |
|
32 |
- - WebGL may also expose screen properties and video card properties: |
|
33 |
- - https://developer.mozilla.org/en/WebGL |
|
34 |
- - https://www.khronos.org/registry/webgl/specs/1.0/#5.2 |
|
35 |
- - https://www.khronos.org/registry/webgl/specs/1.0/#5.11 |
|
36 |
- - SVG needs auditing. It may also expose absolute coords, but appears OK |
|
37 |
- - https://developer.mozilla.org/en/SVG/SVG_animation_with_SMIL |
|
38 |
- - Mouse events reveal desktop coordinates |
|
39 |
- - https://bugzilla.mozilla.org/show_bug.cgi?id=503943 |
|
40 |
- - https://developer.mozilla.org/en/DOM/Event/UIEvent/MouseEvent |
|
41 |
- - Actual screen dimensions not exposed |
|
42 |
- - Identifier Storage |
|
43 |
- - Content Secuity Properties may need clearing: |
|
44 |
- - https://developer.mozilla.org/en/Security/CSP |
|
45 |
- - STS cache needs clearing |
|
46 |
- - New window.history functions may allow state smuggling |
|
47 |
- - https://developer.mozilla.org/en/DOM/Manipulating_the_browser_history |
|
48 |
- |
|
49 |
-- New Javascript hooking options may help improve Date() hooks: |
|
50 |
- - https://developer.mozilla.org/en/JavaScript/New_in_JavaScript/1.8.5 |
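Review bot: this deletion removes the only 50-line copy of the review, and the 44-line version added elsewhere in this change lacks the "High Res Animation Timers" and "timeStamps on keystroke events" entries (old lines 20-25). Those entries survive only if the separate `@@ -17,6 +17,12 @@` hunk is applied to the replacement file. Please confirm that ordering, or do the move as a rename so the history shows one file rather than a delete plus a rewrite. The deleted text also carries the typos "relevent" and "Secuity"; fix them in whichever copy is kept.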
... | ... |
@@ -17,6 +17,12 @@ |
17 | 17 |
- Fingerprinting issues: |
18 | 18 |
- New screen attributes |
19 | 19 |
- https://developer.mozilla.org/en/DOM/window.mozInnerScreenX, Y |
20 |
+ - High Res Animation Timers: |
|
21 |
+ - https://developer.mozilla.org/en/DOM/window.mozAnimationStartTime |
|
22 |
+ - https://developer.mozilla.org/en/DOM/Animations_using_MozBeforePaint |
|
23 |
+ - 50-60hz max.. Can we leverage this? |
|
24 |
+ - timeStamps on keystroke events |
|
25 |
+ - https://developer.mozilla.org/en/DOM/event.timeStamp |
|
20 | 26 |
- Bounding rectangles -> window sizes? |
21 | 27 |
- Maybe not display sizes, but seems possible to fingerprint rendered |
22 | 28 |
content size.. ugh. |
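Review bot: the added line "50-60hz max.. Can we leverage this?" does not say which way the question cuts. State whether the 50-60 Hz cap is meant as a limit on how much timing resolution mozAnimationStartTime and MozBeforePaint expose, or as something still to be mitigated, so a later reader knows what was decided. The "timeStamps on keystroke events" entry likewise names the API but not the concern. One line saying what event.timeStamp reveals, and whether the existing Date() hooks mentioned at the end of this file cover it, would make the item actionable.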
... | ... |
@@ -1,36 +1,44 @@ |
1 |
-- Major compatibility issues: |
|
2 |
- http://blog.mozilla.com/addons/2010/11/11/making-add-on-compatible-firefox-4/ |
|
3 |
- https://developer.mozilla.org/en/Extensions/Updating_extensions_for_Firefox_4 |
|
4 |
- https://developer.mozilla.org/en/XPCOM/XPCOM_changes_in_Gecko_2.0 |
|
5 |
- |
|
6 |
-- Key high level concerns: |
|
7 |
- - WebThreads |
|
8 |
- - https://developer.mozilla.org/En/Using_web_workers |
|
9 |
- - Network activity blocked by content policy |
|
10 |
- - What the hell is a blob url? |
|
11 |
- - https://developer.mozilla.org/en/DOM/window.createBlobURL |
|
12 |
- - https://developer.mozilla.org/en/DOM/window.revokeBlobURL |
|
13 |
- - Seems only relevent to FS injection.. |
|
14 |
- - WebSockets |
|
15 |
- - New window.history functions may allow state smuggling |
|
16 |
- - https://developer.mozilla.org/en/DOM/Manipulating_the_browser_history |
|
17 |
- - New screen attributes |
|
18 |
- - https://developer.mozilla.org/en/DOM/window.mozInnerScreenX, Y |
|
19 |
- - Bounding rectangles -> window sizes? |
|
20 |
- - https://bugzilla.mozilla.org/show_bug.cgi?id=396392 |
|
21 |
- - Mouse events reveal desktop coordinates? |
|
22 |
- - https://bugzilla.mozilla.org/show_bug.cgi?id=503943 |
|
23 |
- - https://developer.mozilla.org/en/DOM/Event/UIEvent/MouseEvent |
|
24 |
- - DocShell and plugins inside createHTMLDocument? |
|
25 |
- - https://developer.mozilla.org/en/DOM/DOMImplementation.createHTMLDocument |
|
26 |
- - Media attributes |
|
27 |
- - "buffered" |
|
28 |
- - "preload" |
|
29 |
- - new codecs? |
|
30 |
- |
|
31 |
- |
|
32 |
- |
|
33 |
-- New fingerprinting threats: |
|
34 |
- - Lots of things are now available to CSS :( |
|
35 |
- |
|
1 |
+- Review of https://developer.mozilla.org/en/Firefox_4_for_developers |
|
2 |
+ - Potential proxy issues |
|
3 |
+ - DocShell and plugins inside createHTMLDocument? |
|
4 |
+ - https://developer.mozilla.org/en/DOM/DOMImplementation.createHTMLDocument |
|
5 |
+ - WebSockets? |
|
6 |
+ - Media attributes? |
|
7 |
+ - "buffered" |
|
8 |
+ - "preload" |
|
9 |
+ - new codecs? |
|
10 |
+ - What the hell is a blob url? |
|
11 |
+ - https://developer.mozilla.org/en/DOM/window.createBlobURL |
|
12 |
+ - https://developer.mozilla.org/en/DOM/window.revokeBlobURL |
|
13 |
+ - Seems only relevent to FS injection.. |
|
14 |
+ - WebThreads are OK: |
|
15 |
+ - https://developer.mozilla.org/En/Using_web_workers |
|
16 |
+ - Network activity blocked by content policy |
|
17 |
+ - Fingerprinting issues: |
|
18 |
+ - New screen attributes |
|
19 |
+ - https://developer.mozilla.org/en/DOM/window.mozInnerScreenX, Y |
|
20 |
+ - Bounding rectangles -> window sizes? |
|
21 |
+ - Maybe not display sizes, but seems possible to fingerprint rendered |
|
22 |
+ content size.. ugh. |
|
23 |
+ - https://developer.mozilla.org/en/DOM/element.getBoundingClientRect |
|
24 |
+ - https://developer.mozilla.org/en/dom:range |
|
25 |
+ - CSS resize, media queries, etc.. |
|
26 |
+ - WebGL may also expose screen properties and video card properties: |
|
27 |
+ - https://developer.mozilla.org/en/WebGL |
|
28 |
+ - https://www.khronos.org/registry/webgl/specs/1.0/#5.2 |
|
29 |
+ - https://www.khronos.org/registry/webgl/specs/1.0/#5.11 |
|
30 |
+ - SVG needs auditing. It may also expose absolute coords, but appears OK |
|
31 |
+ - https://developer.mozilla.org/en/SVG/SVG_animation_with_SMIL |
|
32 |
+ - Mouse events reveal desktop coordinates |
|
33 |
+ - https://bugzilla.mozilla.org/show_bug.cgi?id=503943 |
|
34 |
+ - https://developer.mozilla.org/en/DOM/Event/UIEvent/MouseEvent |
|
35 |
+ - Actual screen dimensions not exposed |
|
36 |
+ - Identifier Storage |
|
37 |
+ - Content Secuity Properties may need clearing: |
|
38 |
+ - https://developer.mozilla.org/en/Security/CSP |
|
39 |
+ - STS cache needs clearing |
|
40 |
+ - New window.history functions may allow state smuggling |
|
41 |
+ - https://developer.mozilla.org/en/DOM/Manipulating_the_browser_history |
|
36 | 42 |
|
43 |
+- New Javascript hooking options may help improve Date() hooks: |
|
44 |
+ - https://developer.mozilla.org/en/JavaScript/New_in_JavaScript/1.8.5 |
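Review bot: the rewritten "Bounding rectangles -> window sizes?" entry drops the reference to https://bugzilla.mozilla.org/show_bug.cgi?id=396392 that the removed version had. Keep the bug link next to the new getBoundingClientRect and dom:range links so the finding stays traceable. Under "Mouse events reveal desktop coordinates" the question mark was removed and "Actual screen dimensions not exposed" was added. Say in one line how both hold, since they read as opposing conclusions as written. Two spelling fixes in the added lines: "Secuity" should be "Security" and "relevent" should be "relevant". The items under "Potential proxy issues" that still end in "?" (WebSockets, Media attributes, new codecs) would benefit from a note on whether they were checked or remain open.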
1 | 1 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,36 @@ |
1 |
+- Major compatibility issues: |
|
2 |
+ http://blog.mozilla.com/addons/2010/11/11/making-add-on-compatible-firefox-4/ |
|
3 |
+ https://developer.mozilla.org/en/Extensions/Updating_extensions_for_Firefox_4 |
|
4 |
+ https://developer.mozilla.org/en/XPCOM/XPCOM_changes_in_Gecko_2.0 |
|
5 |
+ |
|
6 |
+- Key high level concerns: |
|
7 |
+ - WebThreads |
|
8 |
+ - https://developer.mozilla.org/En/Using_web_workers |
|
9 |
+ - Network activity blocked by content policy |
|
10 |
+ - What the hell is a blob url? |
|
11 |
+ - https://developer.mozilla.org/en/DOM/window.createBlobURL |
|
12 |
+ - https://developer.mozilla.org/en/DOM/window.revokeBlobURL |
|
13 |
+ - Seems only relevent to FS injection.. |
|
14 |
+ - WebSockets |
|
15 |
+ - New window.history functions may allow state smuggling |
|
16 |
+ - https://developer.mozilla.org/en/DOM/Manipulating_the_browser_history |
|
17 |
+ - New screen attributes |
|
18 |
+ - https://developer.mozilla.org/en/DOM/window.mozInnerScreenX, Y |
|
19 |
+ - Bounding rectangles -> window sizes? |
|
20 |
+ - https://bugzilla.mozilla.org/show_bug.cgi?id=396392 |
|
21 |
+ - Mouse events reveal desktop coordinates? |
|
22 |
+ - https://bugzilla.mozilla.org/show_bug.cgi?id=503943 |
|
23 |
+ - https://developer.mozilla.org/en/DOM/Event/UIEvent/MouseEvent |
|
24 |
+ - DocShell and plugins inside createHTMLDocument? |
|
25 |
+ - https://developer.mozilla.org/en/DOM/DOMImplementation.createHTMLDocument |
|
26 |
+ - Media attributes |
|
27 |
+ - "buffered" |
|
28 |
+ - "preload" |
|
29 |
+ - new codecs? |
|
30 |
+ |
|
31 |
+ |
|
32 |
+ |
|
33 |
+- New fingerprinting threats: |
|
34 |
+ - Lots of things are now available to CSS :( |
|
35 |
+ |
|
36 |
+ |
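Review bot: the new file's "New fingerprinting threats" section contains only "Lots of things are now available to CSS :(", which names no feature a reader could audit. List the specific ones, as the other file in this change does with "CSS resize, media queries, etc..". Every entry under "Key high level concerns" also appears in the review file touched by this change, so the two lists will drift. Consider keeping only "Major compatibility issues" here and pointing to the review file for the rest. Lines 30-32 and 35-36 are added blank lines and can be dropped, and "relevent" on line 13 should be "relevant".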