Open Bug 1141146 Opened 10 years ago Updated 3 years ago

audit referrer policy propagation in UI code

Tracking

()

Status:

NEW

People

(Reporter: averstak, Unassigned)

Details

(Whiteboard: domsecurity-backlog)

Alex Verstak

Reporter

Description

•

10 years ago

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36 Steps to reproduce: Bug 1113431 is adding referrer policy support for middle-click and open-link-in-new-{tab,window}. Gijs says: """ We'd need to audit the relevant code (I suspect at least sidebars, social and Firefox Hello, off the top of my head). """ Download is bug 1073187; android is bug 1141142; metro is bug 1141143; and comm-central is bug 1141140. This bug is for the rest of Firefox. Propagating overly detailed referrers is a privacy issue. Spec: http://w3c.github.io/webappsec/specs/referrer-policy/

:Gavin Sharp [email: gavin@gavinsharp.com]

Updated

•

10 years ago

Status: UNCONFIRMED → NEW

Ever confirmed: true

Flags: firefox-backlog+

:Gavin Sharp [email: gavin@gavinsharp.com]

Updated

•

10 years ago

Component: Untriaged → General

OS: Mac OS X → All

Hardware: x86 → All

Thomas Nguyen (:tnguyen)

Updated

•

9 years ago

Priority: -- → P3

Whiteboard: domsecurity-backlog

BMO Automation

Updated

•

3 years ago

Severity: normal → S3

You need to log in before you can comment on or make changes to this bug.

Bugzilla

audit referrer policy propagation in UI code

Categories

(Firefox :: General, defect, P3)

Tracking

()

People

(Reporter: averstak, Unassigned)

References

Details

(Whiteboard: domsecurity-backlog)

Crash Data

Security

(public)

User Story

Description

Updated

Updated

Updated

Updated