Closed Bug 1139627 Opened 9 years ago Closed 9 years ago

audit hardcoded URLs from Disconnect's exception list

Categories

(Core :: DOM: Security, defect)

Product:
Core
Component:
DOM: Security
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: mmc, Unassigned)

References

(Blocks 1 open bug)

Details

I found 28 URLs in Disconnect's exception list:

https://github.com/disconnectme/disconnect/blob/ff3302665953194128474cf83c0762d9146fd4cb/firefox/content/overlay.js#L1004

This bug is to record their findings.

Kamil and Matt W QAed this list according to the following instructions: 

Steps to be used: (Note: don't have to start a new profile every single time for each website)

1) Start new Nightly with new profile
2) Disable e10s and enable tracking protection by going into about:config and turning on privacy.trackingprotection.enabled.
3) Wait 30 s and see if test page http://people.mozilla.org/~mchew/test_tp.html renders with blank boxes. If not, wait a bit more.
4) Enable webconsole and look at messages in the security tab
5) Visit all sites below. For shopping sites, try to look at an item or put something in the cart. For news sites, visit one article. You don't need a new profile for each site, just once.
6) If any page hangs, try disabling TP (click on the shield https://support.mozilla.org/en-US/kb/tracking-protection-firefox) and see if that helps. If the page fixes itself, TP is an issue.
7) If disabling TP fixes the problem, please include the list of blocked elements in the report. Blocked elements show up in the webconsole under the security tab with message "The resource at XXX was blocked because tracking protection is enabled."

Build being used:

    http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/2015-03-03-03-02-30-mozilla-central/

Websites:
   allocine.fr [PASSED]
   barackobama.com [PASSED]
   bloomberg.com [PASSED]
   cbs.com [PASSED]
   cbsnews.com [PASSED]
   cvs.com - FAILED (https://bugzilla.mozilla.org/show_bug.cgi?id=1139620
   dailymail.co.uk [PASSED]
   deviantart.com [PASSED]
   easyjet.com [PASSED]
   ford.com [PASSED]
   fossil.com [FAILED] https://bugzilla.mozilla.org/show_bug.cgi?id=1139624
   fossil.com [PASSED]
   freshdirect.com [PASSED]
   gamespot.com [PASSED]
   hm.com [PASSED]
   ign.com [FAILED] https://bugzilla.mozilla.org/show_bug.cgi?id=1139625
   macys.com - FAILED https://bugzilla.mozilla.org/show_bug.cgi?id=1139621
   minecraft.net [PASSED]
   newyorker.com [PASSED]
   nordstrom.com https://bugzilla.mozilla.org/show_bug.cgi?id=1139623
   playtv.fr [PASSED]
   slideshare.net [PASSED]
   subaru.com [PASSED]
   target.com [PASSED]
   techrepublic.com [FAILED] https://bugzilla.mozilla.org/show_bug.cgi?id=1139626
   ted.com [PASSED]
   telegraph.co.uk [PASSED]
   vimeo.com [PASSED]
Bugs have been filed for all the ones that failed, so closing.
Blocks: tp-breakage
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.