Note that by not using the same context pointer for all timestamps within a single
'communication group' (that is, all things that can communication to each other
in JavaScript), it's possible to observe time going backwards.
Imagine comparing
performance.timeOrigin + performance.now() < new File([], "").lastModified
In theory this should always be true. However, if performance.now() was jittered
up (using one context pointer, because it is a relative timestamp) and File was
jittered down (using a null context pointer, because it is an absolute timestamp)
then this may evaluate to False.
I think this is okay.
MozReview-Commit-ID: BfgbmGS8XdD
--HG--
extra : rebase_source : 1d105d9b63e61561be06dbfe2a3fccf534ee68b3
This patch is adapted from Tor bug 1517.
To offer some protection against timing attacks by JS content pages, in this
patch we round the various time-exposing APIs (such as Date and
Event.timeStamps) to the nearest 100 ms when the pref "privacy.resistFingerprinting" is on.
MozReview-Commit-ID: eGucM9nGTn
--HG--
extra : rebase_source : 3ee600b07943f3954e9a2a9561391f2f7821bb86
Tom Ritter
Andrea Marchesini
Jonathan Hao