Closed Bug 903649 Opened 11 years ago Closed 11 years ago

Firefox should return an empty array for navigator.plugins

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 757726

People

(Reporter: jwalker, Unassigned)

References

(
URL
)

Details

How much of the Internet would we break if navigator.plugins returned "[]" however many plugins were installed?

For reference, that's what IE does, so it's possible to survive without it, and it's used by the EFF to demonstrate browser finger printing [1].

Even if no-one uses the plugin list to fingerprint browsers in practice, the existence of the test in panopticlick makes Firefox look bad, so if we can remove it, we should.

If there are plugins that fail unless their existence is public then perhaps these can be made public, while defaulting other plugins to hidden.

[1]: https://panopticlick.eff.org/
I think we can figure it out. Go to each of the top 20M websites on the internet (alexa? idk what sources we can get this from) and load all the JS files included at page load and check if navigator.plugins is a substring in the js.

Not going to be 100% accurate, but with a big enough sample size (top 20M is a good sample size, no?), it would give us a pretty good idea. No?
Good to know, I'm not alone: I've also been studying the eff paper. 

This is actually a duplicate of bug 757726.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.