Fingerprinting resistance in pluginarray/mimetypesarray misses own prop names

RESOLVED FIXED in Firefox 53

Status

()

defect
RESOLVED FIXED
3 years ago
5 months ago

People

(Reporter: bzbarsky, Assigned: bzbarsky)

Tracking

Trunk
mozilla53
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox52- affected, firefox53 fixed)

Details

(Whiteboard: [tor][fingerprinting])

Attachments

(1 attachment)

The checks added in bug 418986 didn't affect GetSupportedNames.
Attachment #8819367 - Flags: review?(kyle) → review+
Pushed by bzbarsky@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/dcc7b0c683ce
Add fingerprinting resistance in GetSupportedNames in nsMimeTypeArray and nsPluginArray.  r=qdot
https://hg.mozilla.org/mozilla-central/rev/dcc7b0c683ce
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla53
[Tracking Requested - why for this release]:
Tor Browser will rely on 52ESR, and we would like to request including this patch (off by default in Firefox but on by default in Tor Browser).
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Whiteboard: [tor][fingerprinting]
Please don't reopen bugs to request backports.  That's what the approval request flags on patches are for.
Status: REOPENED → RESOLVED
Closed: 3 years ago3 years ago
Resolution: --- → FIXED
In terms of being able to backport this, bug 1316619 _was_ done in time for 52, so that part is there.  But the patches for bug 1324035 aren't on 52, so "nsContentUtils::ResistFingerprinting(mozilla::dom::CallerType aCallerType)" doesn't exist, just the no-args version.  That will require a tiny bit of work to backport.
I don't think I need to be tracking this.  Still happy to take an uplift for it up to early beta.
Oh, but more to the point the general design of this patch involves backporting more of bug 1324035 in general....
And that involves backporting some of bug 1316616 or restructuring how the patches in bug 1324035 work a bit.

I won't have time to do this before the uplift, for sure.  I may have time to review someone else's attempts to do this....
If nothing happens soon here, it is going to be => wontfix.
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.