Closed
Bug 1077874
Opened 10 years ago
Closed 8 years ago
Don't expose Firefox patch level (32.0.x) in Safe Browsing requests, only the major version (32.0)
Categories
(Toolkit :: Safe Browsing, defect, P5)
Tracking
()
RESOLVED
FIXED
mozilla49
| | Tracking | Status |
|---|---|---|
| firefox49 | --- | fixed |
People
(Reporter: WilliamWJimenes, Assigned: allstars.chh)
References
Details
(Keywords: privacy)
Attachments
(1 file, 1 obsolete file)
7.52 KB, patch | francois: review+
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:32.0) Gecko/20100101 Firefox/32.0
Steps to reproduce:
I observed the HTTP requests associated with Google Safe Browsing and noticed that the full Firefox version is sent with the POST request, for example:
https://safebrowsing.google.com/safebrowsing/downloads?client=navclient-auto-ffox&appver=32.0.2&pver=2.2&key=no-google-api-key
There isn't a compelling reason to provide this level of detail, as it should make no functional difference. There are various reasons to reduce the level of detail, such as to reduce fingerprintability. The patch level has already been removed from the user agent string, per https://bugzilla.mozilla.org/show_bug.cgi?id=728831
Actual results:
The Firefox patch level is sent to the Google Safe Browsing servers.
Expected results:
The patch level should not be sent.
Reporter
Updated•10 years ago
Component: Untriaged → Phishing Protection
Product: Firefox → Toolkit
Comment 1•8 years ago
We should do this for all of these endpoints:
browser.safebrowsing.provider.google.gethashURL
browser.safebrowsing.provider.google.updateURL
browser.safebrowsing.provider.mozilla.gethashURL
browser.safebrowsing.provider.mozilla.updateURL
Blocks: 1149867
Whiteboard: [tpe-seceng]
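The reduction requested in the description, applied to the request URL it quotes and usable for any update or gethash URL, as an added example that is not part of this bug or of Firefox's code. The function names are hypothetical and the `provider.example` URLs are constructed samples.

```javascript
// Added example, not Firefox code. All function names are hypothetical.

// Reduce an application version to "major.minor", e.g. "32.0.2" -> "32.0".
// Assumption: versions start with digits, a dot and digits; anything after
// that (patch level or other suffix) is dropped. Strings that do not match
// are returned unchanged rather than guessed at.
function majorVersion(appver) {
  const m = /^(\d+)\.(\d+)/.exec(appver);
  return m ? `${m[1]}.${m[2]}` : appver;
}

// Inspect one request URL: report what appver carried, whether it exposes
// more than major.minor, and the same URL with the reduced value.
function auditSafeBrowsingUrl(requestUrl) {
  const url = new URL(requestUrl);
  const sent = url.searchParams.get("appver");
  if (sent === null) {
    return { sent: null, exposesDetail: false, reduced: url.href };
  }
  const reducedVer = majorVersion(sent);
  url.searchParams.set("appver", reducedVer);
  return { sent, exposesDetail: reducedVer !== sent, reduced: url.href };
}

// Keep only the requests whose appver carries more than major.minor.
function findExposed(urls) {
  return urls.map(auditSafeBrowsingUrl).filter((r) => r.exposesDetail);
}

const samples = [
  // Quoted in the bug description.
  "https://safebrowsing.google.com/safebrowsing/downloads" +
    "?client=navclient-auto-ffox&appver=32.0.2&pver=2.2&key=no-google-api-key",
  // Constructed samples: a gethash request with a patch level, and a
  // request that already sends only major.minor.
  "https://provider.example/gethash?client=navclient-auto-ffox&appver=46.0.1&pver=2.2",
  "https://provider.example/downloads?client=navclient-auto-ffox&appver=49.0&pver=2.2",
];

for (const r of findExposed(samples)) {
  console.log(`appver=${r.sent} exposes extra detail; reduced URL: ${r.reduced}`);
}
```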
Updated•8 years ago
Summary: don't expose Firefox patch level (32.0.x) in Google Safe Browsing POST requests, only show the major version (32.0) → Don't expose Firefox patch level (32.0.x) in Safe Browsing requests, only the major version (32.0)
Comment 2•8 years ago
Yoshi, here's another easy Safe Browsing bug you could take.
Priority: -- → P5
Whiteboard: [tpe-seceng]
Assignee
Comment 3•8 years ago
\O/
Assignee: nobody → allstars.chh
Status: UNCONFIRMED → NEW
Ever confirmed: true
Assignee
Comment 4•8 years ago
WIP, still trying to write a test for this.
Assignee
Comment 5•8 years ago
https://treeherder.mozilla.org/#/jobs?repo=try&revision=f35e4eb5c0a6
Assignee
Comment 6•8 years ago
added test
Attachment #8747013 - Attachment is obsolete: true
Attachment #8747422 - Flags: review?(francois)
Comment 7•8 years ago
Comment on attachment 8747422: Patch
Review of attachment 8747422:
The test looks great, thanks Yoshi!
Attachment #8747422 - Flags: review?(francois) → review+
Assignee
Updated•8 years ago
Status: NEW → ASSIGNED
Comment 9•8 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/5ff6c2371439
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
status-firefox49: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla49