Closed
Bug 1476324
Opened 6 years ago
Closed 6 years ago
Storage activation via window.open(URL) applies across top-level domains
Categories
(Firefox :: Security, enhancement)
Firefox
Security
Tracking
()
RESOLVED
FIXED
Firefox 63
| Tracking | Status | |
|---|---|---|
| firefox63 | --- | fixed |
People
(Reporter: englehardt, Assigned: baku)
References
(Blocks 1 open bug)
Details
Attachments
(3 files)
|
5.27 KB,
patch
|
ehsan.akhgari
:
review+
|
Details | Diff | Splinter Review |
|
10.51 KB,
patch
|
ehsan.akhgari
:
review+
|
Details | Diff | Splinter Review |
|
2.39 KB,
patch
|
ehsan.akhgari
:
review+
|
Details | Diff | Splinter Review |
As part of the new cookie restrictions (Bug 1473978) we implemented a storage activation heuristic based on the use of window.open by the opening document (Bug 1474651). This heuristic is intended to allow storage access for the target of the window.open call only on the opening document's site. Instead, it appears to enable storage access for that third party on all first parties. Steps to reproduce: With a fresh profile, visit: https://senglehardt.com/test/identity_providers/facebook.html and https://www.cs.princeton.edu/~ste/test/identity_providers/facebook.html In both cases no cookies should be sent in requests to Facebook. Click "Login In" on senglehardt.com. Refresh the princeton.edu tab. You should now see cookies sent to Facebook on the princeton.edu page.
|
Assignee | |
Comment 1•6 years ago
|
||
Assignee: nobody → amarchesini
Attachment #8992757 -
Flags: review?(ehsan)
|
|
Assignee | |
Comment 2•6 years ago
|
||
Attachment #8992758 -
Flags: review?(ehsan)
|
||
Updated•6 years ago
|
Attachment #8992758 -
Flags: review?(ehsan) → review+
|
|
||
Updated•6 years ago
|
Attachment #8992757 -
Flags: review?(ehsan) → review+
|
|
Assignee | |
Comment 3•6 years ago
|
||
Currently we annotate only 3rd party channels. We must annotate also top-level channels because we need to grant the first party storage permission if a top-level non-tracking page does a window.open(tracker) and the user interacts with that tracker page.
Attachment #8992870 -
Flags: review?(francois)
|
|
||
Comment 4•6 years ago
|
||
Comment on attachment 8992870 [details] [diff] [review] part 3 - annotate top-level channel Review of attachment 8992870 [details] [diff] [review]: ----------------------------------------------------------------- Stealing!
Attachment #8992870 -
Flags: review?(francois) → review+
Pushed by amarchesini@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/48dbdb55cabe Storage activation via window.open(URL) applies across top-level domains - part 1 - window.open() from top-level, r=ehsan https://hg.mozilla.org/integration/mozilla-inbound/rev/2272ac475d49 Storage activation via window.open(URL) applies across top-level domains - part 2 - tests, r=ehsan https://hg.mozilla.org/integration/mozilla-inbound/rev/1b81fd5d2002 Storage activation via window.open(URL) applies across top-level domains - part 3 - annotate top-level channels, r=ehsan
|
||
Comment 6•6 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/48dbdb55cabe https://hg.mozilla.org/mozilla-central/rev/2272ac475d49 https://hg.mozilla.org/mozilla-central/rev/1b81fd5d2002
Status: NEW → RESOLVED
Closed: 6 years ago
status-firefox63:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → Firefox 63
You need to log in
before you can comment on or make changes to this bug.
Description
•