tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE
commit 58ec314162bea1fdda7650c5e821191bd654e14f
parent 6d1fbb3239353ef644256b277442a8f79bbaf542
Author: Tom Ritter <tom@mozilla.com>
Date:   Wed, 17 Dec 2025 17:44:38 +0000

Bug 1976287: Sanitize WebGL Vendor to an allowlisted set of names r=timhuang

Differential Revision: https://phabricator.services.mozilla.com/D276177

Diffstat:

Mdom/canvas/ClientWebGLContext.cpp | 13++++++++++---


Mdom/canvas/SanitizeRenderer.cpp | 45+++++++++++++++++++++++++++++++++++++++++++++


Mtoolkit/components/resistfingerprinting/RFPTargets.inc | 1+


3 files changed, 56 insertions(+), 3 deletions(-)

diff --git a/dom/canvas/ClientWebGLContext.cpp b/dom/canvas/ClientWebGLContext.cpp
@@ -49,6 +49,7 @@ namespace mozilla {
 
 namespace webgl {
 std::string SanitizeRenderer(const std::string&);
+std::string SanitizeVendor(const std::string&);
 }  // namespace webgl
 
 // -
@@ -2454,9 +2455,15 @@ void ClientWebGLContext::GetParameter(JSContext* cx, GLenum pname,
             break;
 
           case dom::WEBGL_debug_renderer_info_Binding::UNMASKED_VENDOR_WEBGL:
-            ret = ShouldResistFingerprinting(RFPTarget::WebGLRenderInfo)
-                      ? Some("Mozilla"_ns)
-                      : GetUnmaskedVendor();
+            if (ShouldResistFingerprinting(RFPTarget::WebGLRenderInfo)) {
+              ret = Some("Mozilla"_ns);
+            } else {
+              ret = GetUnmaskedVendor();
+              if (ret &&
+                  ShouldResistFingerprinting(RFPTarget::WebGLVendorSanitize)) {
+                ret = Some(webgl::SanitizeVendor(*ret));
+              }
+            }
             break;
 
           default:
diff --git a/dom/canvas/SanitizeRenderer.cpp b/dom/canvas/SanitizeRenderer.cpp
@@ -360,5 +360,50 @@ std::string SanitizeRenderer(const std::string& raw_renderer) {
   return *replacementDevice + ", or similar";
 }
 
+// -
+
+/**
+ * Sanitize vendor string to standardized buckets.
+ * E.g. "NVIDIA Corporation" => "NVIDIA Corporation"
+ */
+std::string SanitizeVendor(const std::string& raw_vendor) {
+  if (Contains(raw_vendor, "NVIDIA")) {
+    return "NVIDIA Corporation";
+  }
+  if (Contains(raw_vendor, "Intel")) {
+    return "Intel";
+  }
+  if (Contains(raw_vendor, "AMD") || Contains(raw_vendor, "ATI") ||
+      Contains(raw_vendor, "Advanced Micro Devices")) {
+    return "AMD";
+  }
+  if (Contains(raw_vendor, "Qualcomm")) {
+    return "Qualcomm";
+  }
+  if (Contains(raw_vendor, "ARM")) {
+    return "ARM";
+  }
+  if (Contains(raw_vendor, "Apple")) {
+    return "Apple";
+  }
+  if (Contains(raw_vendor, "Samsung")) {
+    return "Samsung";
+  }
+  if (Contains(raw_vendor, "Mesa") || Contains(raw_vendor, "X.Org")) {
+    return "Mesa";
+  }
+  if (Contains(raw_vendor, "Microsoft")) {
+    return "Microsoft";
+  }
+  if (Contains(raw_vendor, "VMware")) {
+    return "VMware";
+  }
+  if (Contains(raw_vendor, "Google")) {
+    return "Google";
+  }
+
+  return "Other";
+}
+
 };  // namespace webgl
 };  // namespace mozilla
diff --git a/toolkit/components/resistfingerprinting/RFPTargets.inc b/toolkit/components/resistfingerprinting/RFPTargets.inc
@@ -109,6 +109,7 @@ ITEM_VALUE(MaxTouchPointsCollapse,      73)
 ITEM_VALUE(NavigatorHWConcurrencyTiered,74)
 ITEM_VALUE(WebGLRandomization,          75)
 ITEM_VALUE(EfficientCanvasRandomization, 76)
+ITEM_VALUE(WebGLVendorSanitize,         77)
 
 // !!! Adding a new target? Rename PointerId and repurpose it.