Remove gfx.direct2d.disabled layers.acceleration.disabled #230
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* These preferences were introduced in 61a2cb8 * None of the linked items here or in the commit message suggest that these pref are related to hardening, or avoiding hardware/canvas/fonts/plugins/based fingerprinting * http://www.w2spconf.com/2012/papers/w2sp12-final4.pdf suggests that: "Tying the browser more closely to operating system functionality and system hardware means that websites have more access to [...] resources, not designed to handle adversarial input [...] different behavior can be used to distinguish systems," But does not provide mitigation recommendations related to these prefs * gfx.direct2d.disabled only forces uses of Direct2d on systems where other rendering options such as OpenGL are available * layers.acceleration.disabled: there is no indication that this could serve as an entropy source for fingerprinting, or is otherwise vulnerable https://trac.torproject.org/projects/tor/attachment/ticket/9438/0001-setting-layers.acceleration.disabled-to-true-to-fix-.patch disabled it as a fix for broken display on some machines, not as a hardening measure add flash player CVE list link, update redirected link
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
are related to hardening, or avoiding hardware/canvas/fonts/plugins/based fingerprinting
"Tying the browser more closely to operating system functionality and system hardware means
that websites have more access to [...] resources, not designed to handle adversarial input
[...] different behavior can be used to distinguish systems,"
But does not provide mitigation recommendations related to these prefs
https://trac.torproject.org/projects/tor/attachment/ticket/9438/0001-setting-layers.acceleration.disabled-to-true-to-fix-.patch disabled it as a fix for broken display on some machines, not as a hardening measure
add flash player CVE list link, update redirected link