Closed Bug 1324044 Opened 8 years ago Closed 8 years ago

Fingerprinting resistance in pluginarray/mimetypesarray misses own prop names

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla53
Tracking Flags:
Tracking Status
firefox52 - affected
firefox53 --- fixed

People

(Reporter: bzbarsky, Assigned: bzbarsky)

References

Details

(Whiteboard: [tor][fingerprinting])

Attachments

(1 file)

Add fingerprinting resistance in GetSupportedNames in nsMimeTypeArray and nsPluginArray
6.36 KB, patch
qdot
: review+
Details | Diff | Splinter Review
The checks added in bug 418986 didn't affect GetSupportedNames.
Blocks: 418986
Depends on: 1324035
Attachment #8819367 - Flags: review?(kyle) → review+
Pushed by bzbarsky@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/dcc7b0c683ce Add fingerprinting resistance in GetSupportedNames in nsMimeTypeArray and nsPluginArray. r=qdot
https://hg.mozilla.org/mozilla-central/rev/dcc7b0c683ce
Status: NEW → RESOLVED
Closed: 8 years ago
status-firefox53: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla53
[Tracking Requested - why for this release]: Tor Browser will rely on 52ESR, and we would like to request including this patch (off by default in Firefox but on by default in Tor Browser).
Status: RESOLVED → REOPENED
status-firefox52: --- → affected
tracking-firefox52: --- → ?
Resolution: FIXED → ---
Whiteboard: [tor][fingerprinting]
Please don't reopen bugs to request backports. That's what the approval request flags on patches are for.
Status: REOPENED → RESOLVED
Closed: 8 years ago8 years ago
Resolution: --- → FIXED
In terms of being able to backport this, bug 1316619 _was_ done in time for 52, so that part is there. But the patches for bug 1324035 aren't on 52, so "nsContentUtils::ResistFingerprinting(mozilla::dom::CallerType aCallerType)" doesn't exist, just the no-args version. That will require a tiny bit of work to backport.
I don't think I need to be tracking this. Still happy to take an uplift for it up to early beta.
tracking-firefox52: ?-
Oh, but more to the point the general design of this patch involves backporting more of bug 1324035 in general....
And that involves backporting some of bug 1316616 or restructuring how the patches in bug 1324035 work a bit. I won't have time to do this before the uplift, for sure. I may have time to review someone else's attempts to do this....
If nothing happens soon here, it is going to be => wontfix.
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: