Closed Bug 1500549 Opened Last year Closed Last year

TRR Blacklist does not respect OriginAttributes

Categories

(Core :: Networking: DNS, enhancement, P2)

Tracking

RESOLVED FIXED
mozilla65
Tracking Status
firefox65 --- fixed

People

(Reporter: tjr, Assigned: bagder)

Details

(Whiteboard: [userContextId][trr][necko-triaged])

Attachments

(1 file)

The TRR Blacklist storage item stores results using a hashkey that is based only on the domain. (It respects private browsing by using two different stores.) https://searchfox.org/mozilla-central/rev/9cb3e241502a2d47e2d5057ca771324a446b6695/netwerk/dns/TRRService.h#86

An attacker could correlate a user (who had TRR enabled) across containers (or first party isolation) by using DNS response tricks.

The hashkey that is used to store and look up entries in the blacklist should be based off the full OriginAttributes struct, rather than simply the domain.
Assignee: nobody → daniel
Priority: -- → P2
Whiteboard: [userContextId] → [userContextId][trr][necko-triaged]
MozReview-Commit-ID: 5nOZefVlqRE
Pushed by daniel@haxx.se:
https://hg.mozilla.org/integration/autoland/rev/1c9f10e217d1
make TRR Blacklist use originSuffix r=valentin
https://hg.mozilla.org/mozilla-central/rev/1c9f10e217d1
Status: NEW → RESOLVED
Closed: Last year
Resolution: --- → FIXED
Target Milestone: --- → mozilla65
Depends on: 1501283
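
The keying difference this bug describes, as an added C++ example that is not Mozilla's TRRService code: a host-only key lets an entry recorded in one container be observed from another, while a key that includes the origin suffix keeps each container's entries separate. The class and function names are hypothetical, and the host name and `^userContextId=N` suffix strings are constructed sample values.

```cpp
#include <iostream>
#include <set>
#include <string>
#include <utility>

// Simplified model of a per-host blacklist (hypothetical names; not TRRService).
class Blacklist {
 public:
  // partitionByOrigin == false models the reported behaviour (host-only key);
  // true models a key that also includes the origin suffix.
  explicit Blacklist(bool partitionByOrigin) : mPartition(partitionByOrigin) {}

  void Add(const std::string& host, const std::string& originSuffix,
           bool privateBrowsing) {
    mStores[privateBrowsing ? 1 : 0].insert(Key(host, originSuffix));
  }

  bool Contains(const std::string& host, const std::string& originSuffix,
                bool privateBrowsing) const {
    return mStores[privateBrowsing ? 1 : 0].count(Key(host, originSuffix)) != 0;
  }

 private:
  using KeyType = std::pair<std::string, std::string>;

  KeyType Key(const std::string& host, const std::string& originSuffix) const {
    // A pair keeps host and suffix as separate fields of the key.
    return {host, mPartition ? originSuffix : std::string()};
  }

  bool mPartition;
  std::set<KeyType> mStores[2];  // [0] normal browsing, [1] private browsing
};

// Returns true when an entry recorded in one container is visible in another.
bool VisibleAcrossContainers(bool partitionByOrigin) {
  Blacklist list(partitionByOrigin);
  // Constructed sample values: one host name and two container suffixes.
  list.Add("host.example", "^userContextId=1", false);
  return list.Contains("host.example", "^userContextId=2", false);
}

int main() {
  std::cout << "host-only key visible across containers: "
            << VisibleAcrossContainers(false) << "\n"
            << "host+suffix key visible across containers: "
            << VisibleAcrossContainers(true) << "\n";
}
```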