Bug 1642729 Comment 24 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

Hi,

I wonder if saving a temporary file is a big concern (comment #20) to stop shipping the code. I am not sure what's the protocol when having a privacy concern. Is this risk acceptable if the current code is shipped?

If leaking the data through a browser extension that communicates with the third-party native app on the computer is a real concern, are all the data stored in the computer with `0644` permission (e.g., cookies, session-storage, ...) vulnerabilities?

Aside from that, the media session's information would be exposed to the D-bus interface, so any application or script reading data from D-bus can get the track info sent from Firefox, such as track title, album name, artist name, which should give more information than a temporary image. If browser extension has a way to communicate with the native app that reads data from D-bus, then all the track info would be exposed. Is that something we need to concern?
Hi,

I wonder if saving a temporary file is a big concern (comment #20) to stop shipping the code. I am not sure what's the protocol when having a privacy concern. Is this risk acceptable if the current code is shipped? Do we have procedure to decide the risk is acceptable or not?

If leaking the data through a browser extension that communicates with the third-party native app on the computer is a real concern, are all the data stored in the computer with `0644` permission (e.g., cookies, session-storage, ...) vulnerabilities?

Aside from that, the media session's information would be exposed to the D-bus interface, so any application or script reading data from D-bus can get the track info sent from Firefox, such as track title, album name, artist name, which should give more information than a temporary image. If browser extension has a way to communicate with the native app that reads data from D-bus, then all the track info would be exposed. Is that something we need to concern?
Hi,

I wonder if saving a temporary file is a big concern (comment #20) to stop shipping the code. I am not sure what's the protocol when having a privacy concern. Is this risk acceptable if the current code is shipped? Do we have procedure to decide the risk is acceptable or not?

If leaking the data through a browser extension that communicates with the third-party native app on the computer is a real concern, are all the data stored in the computer with `0644` permission (e.g., cookies, session-storage, ...) vulnerabilities?

Aside from that, the media session's information would be exposed to the D-bus interface, so any application or script reading data from D-bus can get the track info sent from Firefox, such as track title, album name, artist name, which should give more information than a temporary image. If browser extension has a way to communicate with the native app that reads data from D-bus, then all the track info could be exposed to a browser extension. Is that something we need to concern?
Hi,

I wonder if saving a temporary file is a big concern (comment #20) to stop shipping the code. I am not sure what's the protocol when having a privacy concern. Is this risk acceptable if the current code is shipped? Do we have a procedure to decide whether the risk is acceptable or not?

If leaking the data through a browser extension that communicates with the third-party native app on the computer is a real concern, are all the data stored in the computer with `0644` permission (e.g., cookies, session-storage, ...) vulnerabilities?

Aside from that, the media session's information would be exposed to the D-bus interface, so any application or script reading data from D-bus can get the track info sent from Firefox, such as track title, album name, artist name, which should give more information than a temporary image. If browser extension has a way to communicate with the native app that reads data from D-bus, then all the track info could be exposed to a browser extension. Is that something we need to concern?

Back to Bug 1642729 Comment 24