Closed
Bug 417994
Opened 16 years ago
Closed 16 years ago
navigator object does not fully reflect user agent settings
Categories
(Core :: DOM: Core & HTML, defect)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
FIXED
mozilla1.9beta5
People
(Reporter: mikeperry.unused, Assigned: gfleischer+bugzilla)
References
Details
(Keywords: privacy, verified1.8.1.15)
Attachments
(2 files, 1 obsolete file)
2.69 KB,
patch
|
gfleischer+bugzilla
:
review+
beltzner
:
approval1.9+
|
Details | Diff | Splinter Review |
2.19 KB,
patch
|
jst
:
review+
jst
:
superreview+
dveditz
:
approval1.8.1.15+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7 The navigator object does not reflect a spoofed user agent for the following properties: navigator.oscpu navigator.productSub Despite providing a spoofed information to the general.useragent.* settings, these properties reveal the original platform and build date. Reproducible: Always Steps to Reproduce: 1. 2. 3. Actual Results: Ideally, these properties would obtain their values by parsing the general.useragent.override string, but for many useragents this is not possible. In those cases, either alternate general.useragent.* could be consulted, or these properties would just be undefined.
Comment 1•16 years ago
|
||
Why don't you upgrade to 2.0.0.12?
Assignee | ||
Comment 3•16 years ago
|
||
In Firefox 2.0.0.12, the 'productSub' value could be set using the 'general.useragent.productSub' preference. See http://lxr.mozilla.org/mozilla1.8/source/netwerk/protocol/http/src/nsHttpHandler.cpp#830 This functionality no longer exists in the latest trunk.
Reporter | ||
Updated•16 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
Assignee | ||
Comment 4•16 years ago
|
||
Bug 350521 describes a similar problem with the 'navigator.buildID' value. To reproduce issue, either manually modify useragent config pref ("general.useragent.override") or use extension such as User Agent Switcher. Visiting http://pseudo-flaw.net/s/show-oscpu-productsub-buildid.html will show that the 'oscpu', 'productSub' and 'buildID' are still the original values.
Assignee | ||
Comment 5•16 years ago
|
||
Adds new preferences to allow override of 'navigator.oscpu', 'navigator.productSub' and 'navigator.buildID': - "general.oscpu.override" - "general.productSub.override" - "general.buildID.override" Additionally, for 'navigator.productSub' checks for the undocumented 1.8 branch pref "general.useragent.productSub".
Assignee | ||
Updated•16 years ago
|
Attachment #307168 -
Flags: superreview?(jst)
Attachment #307168 -
Flags: review?(jst)
Assignee | ||
Comment 6•16 years ago
|
||
The proposed patch also addresses bug 350521.
Comment 7•16 years ago
|
||
Comment on attachment 307168 [details] [diff] [review] Proposed patch for trunk + const nsAdoptingCString& override = + nsContentUtils::GetCharPref("general.productSub.override"); + + if (override) { + CopyUTF8toUTF16(override, aProductSub); + return NS_OK; + } else { + // 'general.useragent.productSub' backwards compatible with 1.8 branch. + const nsAdoptingCString& override = + nsContentUtils::GetCharPref("general.useragent.productSub"); Might want to rename this override variable to avoid compiler warnings about this one shadowing the above one. r+sr=jst, thanks for the fix!
Attachment #307168 -
Flags: superreview?(jst)
Attachment #307168 -
Flags: superreview+
Attachment #307168 -
Flags: review?(jst)
Attachment #307168 -
Flags: review+
Assignee | ||
Comment 8•16 years ago
|
||
Updated patch to remove compiler warnings.
Attachment #307168 -
Attachment is obsolete: true
Assignee | ||
Updated•16 years ago
|
Attachment #307368 -
Flags: review+
Reporter | ||
Updated•16 years ago
|
Keywords: checkin-needed
Comment 9•16 years ago
|
||
This isn't a blocker and doesn't have approval.
Component: General → DOM
Keywords: checkin-needed
OS: Windows XP → All
Product: Firefox → Core
QA Contact: general → general
Hardware: PC → All
Version: unspecified → Trunk
Updated•16 years ago
|
Assignee: nobody → gfleischer+bugzilla
Updated•16 years ago
|
Status: NEW → ASSIGNED
Flags: blocking1.9?
Updated•16 years ago
|
Attachment #307368 -
Flags: approval1.9?
Comment 10•16 years ago
|
||
Comment on attachment 307368 [details] [diff] [review] Updated trunk patch removes compiler warning a1.9=beltzner
Attachment #307368 -
Flags: approval1.9? → approval1.9+
Updated•16 years ago
|
Keywords: checkin-needed
Comment 11•16 years ago
|
||
Not a blocker, but this has approval so feel free to land this.
Flags: blocking1.9? → blocking1.9-
Comment 12•16 years ago
|
||
Checking in dom/src/base/nsGlobalWindow.cpp; /cvsroot/mozilla/dom/src/base/nsGlobalWindow.cpp,v <-- nsGlobalWindow.cpp new revision: 1.1001; previous revision: 1.1000 done
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9beta5
Assignee | ||
Comment 15•16 years ago
|
||
Patch for branch that adds new preferences to allow override of 'navigator.oscpu', 'navigator.productSub' and 'navigator.buildID': - "general.oscpu.override" - "general.productSub.override" - "general.buildID.override"
Attachment #322211 -
Flags: superreview?
Attachment #322211 -
Flags: review?
Attachment #322211 -
Flags: approval1.8.1.15?
Assignee | ||
Updated•16 years ago
|
Attachment #322211 -
Flags: superreview?(jst)
Attachment #322211 -
Flags: superreview?
Attachment #322211 -
Flags: review?(jst)
Attachment #322211 -
Flags: review?
Comment 16•16 years ago
|
||
Comment on attachment 322211 [details] [diff] [review] Patch for branch can't approve until reviewed
Updated•16 years ago
|
Whiteboard: needs r/sr=jst
Updated•16 years ago
|
Attachment #322211 -
Flags: superreview?(jst)
Attachment #322211 -
Flags: superreview+
Attachment #322211 -
Flags: review?(jst)
Attachment #322211 -
Flags: review+
Updated•16 years ago
|
Whiteboard: needs r/sr=jst
Comment 17•16 years ago
|
||
Comment on attachment 322211 [details] [diff] [review] Patch for branch Approved for 1.8.1.15, a=dveditz for release-drivers
Attachment #322211 -
Flags: approval1.8.1.15? → approval1.8.1.15+
Comment 19•16 years ago
|
||
Verified on Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.15pre) Gecko/2008061004 BonEcho/2.0.0.15pre I added the user preferences in about:config and when I loaded the site in comment #4 I got the values I had set the prefs to, for example: User-Agent: Firefox/1.1.1.1 oscpu: Linux productSub: 20010101 buildID: 2001010101 In Fx20014 the prefs had no effect and you were still getting the actual user agent values.
Keywords: fixed1.8.1.15 → verified1.8.1.15
Comment 20•15 years ago
|
||
javascript can use navigator.buildID to find the exact build time to the second. As far as I know it can send it to the webserver. 'general.buildID.override' does not seem to exist in about:config. So this is a unique or virtually unique identifier - a sort of cookie that is shared by all websites. This is a clear privacy issue. Things like that shouldn't be on by default, without anyone being warned. In this case, it can't even be turned off.
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•