Closed
Bug 1436432
Opened 7 years ago
Closed 7 years ago
Currently viewed webpage (even in Private browsing!) is shared to other devices via IOS Handoff
Categories
(Firefox for iOS :: Browser, defect, P1)
Tracking
()
VERIFIED
FIXED
People
(Reporter: brian, Assigned: justindarc)
Details
(Keywords: privacy, reporter-external)
Attachments
(2 files)
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36
Steps to reproduce:
Opened any webpage (eg. www.cheese.com) in a normal or PRIVATE tab in Firefox my Apple IPhone (IOS11.2.4). Then, on my Apple iPad (IOS11.2.4) the handoff function on the dock will open that same webpage (eg. www.cheese.com) in a Safari window.
Actual results:
As described above. My iPad is a shared device with other family members, which could potentially inadvertently see my current PRIVATE browsing via the handoff feature.
Expected results:
Firefox private tab browsing should absolutely NOT be shared to other devices. I don't want anyone else who uses my shared devices to know how much I love cheese.com
Correction for accuracy: these are the actual iOS versions running on the affected devices in the original report:
iPhone: 11.2.2 (15C202)
iPad: 11.2.1 (15C153)
I'm not sure what iOS versions are affected by this issue.
Comment 3•7 years ago
|
||
Thanks for the report Brian. Confirming that this is reproducible on 10.6 and 11.0(8861). We should not share Private Tabs via Handoff.
Status: UNCONFIRMED → NEW
status-fxios-v11.0:
--- → affected
tracking-fxios:
--- → ?
Ever confirmed: true
Assignee | ||
Updated•7 years ago
|
Assignee | ||
Comment 4•7 years ago
|
||
Attachment #8952816 -
Flags: review?(jhugman)
Comment 5•7 years ago
|
||
Comment on attachment 8952816 [details] [review]
GitHub Pull Request
Feedback in PR.
R? again when ready.
Attachment #8952816 -
Flags: review?(jhugman) → feedback+
Assignee | ||
Comment 6•7 years ago
|
||
Comment on attachment 8952816 [details] [review]
GitHub Pull Request
Upgrades to `siteURL` from metadata parser now (when available).
Attachment #8952816 -
Flags: review?(jhugman)
Updated•7 years ago
|
Attachment #8952816 -
Flags: review?(jhugman) → review+
Assignee | ||
Comment 7•7 years ago
|
||
Landed on master:
https://github.com/mozilla-mobile/firefox-ios/commit/0dddd260d97a005df4749a86993390c66c2997c3
Landed on v11.x:
https://github.com/mozilla-mobile/firefox-ios/commit/3029f27b4cf8bd012a8212a58de50f7125718844
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Comment 8•7 years ago
|
||
Verifying as fix on master 6672352af5. Tabs from Private Browsing are no longer shared via Handoff.
Updated•7 years ago
|
Flags: sec-bounty?
Comment 10•7 years ago
|
||
This is a valid privacy concern, but is not a potential exploit of the type that our Bug Bounty program covers.
Flags: sec-bounty? → sec-bounty-
Keywords: privacy
Updated•5 months ago
|
Keywords: reporter-external
You need to log in
before you can comment on or make changes to this bug.
Description
•