Closed
Bug 1501006
Opened 7 years ago
Closed 7 years ago
windows.create can create container tab even in perma-private browsing mode
Categories
(WebExtensions :: Frontend, defect, P3)
Tracking
(firefox-esr60 unaffected, firefox63 unaffected, firefox64 verified, firefox65 verified)
VERIFIED
FIXED
mozilla65
| Tracking | Status | |
|---|---|---|
| firefox-esr60 | --- | unaffected |
| firefox63 | --- | unaffected |
| firefox64 | --- | verified |
| firefox65 | --- | verified |
People
(Reporter: robwu, Assigned: robwu)
References
Details
(Keywords: regression)
Attachments
(3 files)
Bug 1393570 allows extensions to create windows consisting of container tabs.
Currently, container tabs are not supported when perma-private browsing mode is enabled (bug 1320757).
However, with the extension API from bug 1393570, it is possible to create a container tab despite perma-private browsing mode being enabled, and the resulting tab data is persisted to the disk (which violates the privacy assumptions of PBM).
STR:
1. Start Firefox, visit about:config and set
browser.privatebrowsing.autostart to true
(this is equivalent to visiting about:preferences and setting History to "Never remember history")
2. Restart Firefox.
3. Load attached extension, e.g. at about:debugging.
4. Click on the extension button (green puzzle piece in toolbar).
5. Enter https://example.org/ in the input field and press on the "Open URL in new container tab" button.
Expected:
- Nothing should happen. The global error console should contain an error from the windows.create call.
Actual:
- A new window is opened, with a container tab.
- The data is persisted to disk: Open the profile directory (which you can find at about:support), and search for the website that you have just opened:
$ grep -rl example.org
places.sqlite-wal
cache2/entries/4A61EE148366CE91532EAD8BD9675DD5691D68F4
cache2/entries/E3204B7B272E2EBA706EFCBB9952665001A54D04
|
Assignee | |
Updated•7 years ago
|
status-firefox63:
--- → unaffected
status-firefox64:
--- → affected
status-firefox65:
--- → affected
status-firefox-esr60:
--- → unaffected
|
|
Assignee | |
Comment 1•7 years ago
|
||
I'm going to fix the extension API implementation, but the fact that setting a non-default userContextId can bypass perma-PBM also looks like a bad bug on its own.
|
|
Assignee | |
Comment 2•7 years ago
|
||
Until container tabs are supported in private browsing mode
(bug 1320757), extensions should not be able to open container tabs when
perma-private browsing mode is off.
|
|
Assignee | |
Comment 3•7 years ago
|
||
Depends on D9517
|
|
Assignee | |
Comment 4•7 years ago
|
||
The first patch fixes the regression, and I intend to uplift this.
The second patch is a drive-by fix to ensure that cookieStoreId can only be used if contextual identities are enabled.
The latter is a bug, but there is a chance that extensions have started to depend on it, so I'll let that ride the train.
|
||
Updated•7 years ago
|
Priority: -- → P3
Pushed by rob@robwu.nl:
https://hg.mozilla.org/integration/autoland/rev/cf853aa08e45
Reject cookieStoreId in perma-private browsing mode r=mixedpuppy
https://hg.mozilla.org/integration/autoland/rev/207888ebb8b8
Reject cookieStoreId when contextual identities are disabled r=mixedpuppy
|
||
Comment 6•7 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/cf853aa08e45
https://hg.mozilla.org/mozilla-central/rev/207888ebb8b8
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla65
|
|
Assignee | |
Comment 7•7 years ago
|
||
I verified that the bug has been fixed:
Broken: Firefox 65.0a1 20181028102553
Fixed : Firefox 65.0a1 20181029230149, the console (via the Debug button at about:debuggingP) shows the following message after running the STR:
Error: "Contextual identities are currently disabled"
Status: RESOLVED → VERIFIED
|
|
Assignee | |
Comment 8•7 years ago
|
||
Comment on attachment 9019349 [details]
Bug 1501006 - Reject cookieStoreId in perma-private browsing mode
[Beta/Release Uplift Approval Request]
Feature/Bug causing the regression: Bug 1393570
User impact if declined: Container tabs can be opened by extensions even if the preference to enable container tabs feature is off.
Is this code covered by automated tests?: Yes
Has the fix been verified in Nightly?: Yes
Needs manual test from QE?: No
If yes, steps to reproduce:
List of other uplifts needed: none
Risk to taking this patch: Low
Why is the change risky/not risky? (and alternatives if risky):
String changes made/needed:
Attachment #9019349 -
Flags: approval-mozilla-beta?
|
||
Updated•7 years ago
|
Flags: qe-verify+
Flags: in-testsuite+
|
|
||
Comment 9•7 years ago
|
||
Comment on attachment 9019349 [details]
Bug 1501006 - Reject cookieStoreId in perma-private browsing mode
[Triage Comment]
Fixes extensions being able to open container tabs even if the preference to enable container tabs feature is off. Approved for 64.0b6.
Attachment #9019349 -
Flags: approval-mozilla-beta? → approval-mozilla-beta+
|
|
||
Comment 10•7 years ago
|
||
| bugherder uplift | ||
|
||
Comment 11•7 years ago
|
||
I managed to reproduce this on Firefox 64.0b5.
The bug is no longer reproducible on Firefox 64.0b6 and Nightly 65.0a1 (2018-11-01) so I'll mark it as verified.
You need to log in
before you can comment on or make changes to this bug.
Description
•