Firefox Focus on Android: Clearing browsing data stops working from notification
Categories
(Focus :: General, defect)
Tracking
(Not tracked)
People
(Reporter: jesse.luoto, Assigned: droeh)
References
()
Details
(Keywords: privacy, sec-low, Whiteboard: [reporter-external] [client-bounty-form] [verif?])
Attachments
(1 file)
980 bytes,
text/html
|
Details |
Description
Firefox Focus can be set to a state where browser history cannot be erased before the app is force-stopped. This happens after pressing the "Erase browsing history" notification.
Steps to reproduce
- Open Firefox Focus
- Navigate to any webpage
- Without exiting the app, press the Firefox Focus notification that says "Erase browsing history"
Expected results
Firefox Focus should close the current webpages, erase browsing history and continue operating normally
Actual results
- Firefox Focus closes the current webpages, but does not erase browsing history (cookies, locsalstorage)
- Pressing the trash can icon ("erase" button) does not erase browsing history anymore
- Pressing "Open and erase" from notification does not erase browsing history anymore
- Closing the app via Android's "recent apps" does not erase browsing history anymore
Visit page from proof-on-concept to validate that browsing history is not erased.
Environment tested
- Tested with following apps:
-- Firefox Focus version 8.2.0 (Build #340992215 🦎 75.0-20200403170909)
-- Firefox Focus custom built from Github source code, master at dde1484c / tag v8.2.0 (Build #11 🦎 75.0-20200403170909) - Android 10, security patch 2020-03-01
- Samsung Galaxy S10E
Proof of concept
Serve the attached file index.html
from a web server, or visit the url https://output.jsbin.com/mejolejimo (contains the same javascript code).
Open the webpage with Firefox Focus and follow "steps to reproduce". The tracking IDs will not get cleared between erases if steps are followed.
Comment 1•4 years ago
|
||
Stefan, who's best placed to investigate this?
Updated•4 years ago
|
Updated•4 years ago
|
Reporter | ||
Comment 2•4 years ago
|
||
Just tested and confirmed this using Pixel 3 emulator with Android Q.
Built the master
branch with Android Studio.
Reporter | ||
Comment 3•4 years ago
|
||
Note about the previous test URL:
Seems that the old test URL has expired. You'll need to click the "output" tab or use this link: https://jsbin.com/mejolejimo/1/edit?output
(or serve the index.html
from the attachment)
Reporter | ||
Updated•4 years ago
|
Reporter | ||
Comment 4•4 years ago
|
||
I noticed that there's a new version of Focus (8.3.0) merged to master
three days ago. I just re-tested and verified that this issue still occurs on 8.3.0 version.
Tested with:
Pixel 3 emulator / Firefox Focus 8.3.0 🦎 76.0-20200429185419
This bug is part of a group of bugs in a security or private group which have the old default Severity of normal
which has not been changed, and the default priority of --
. This indicates that this bugs Severity should be set to --
so it will show up in triage lists.
Trying to set that severity again.
Comment 7•4 years ago
|
||
:snorp, can you help triage? Thank you!
Reporter | ||
Comment 8•4 years ago
|
||
Any news from the triage yet? I'd like to point out that per my own testing this should affect all current Android versions of Firefox Focus.
Whoops, I don't think this has actually been triaged. Seems pretty bad.
Dylan are you still maintaining Focus right now? I think we probably need to use a session context id in conjunction with private mode?
Assignee | ||
Comment 10•4 years ago
|
||
(In reply to James Willcox (:snorp) (jwillcox@mozilla.com) (he/him) from comment #9)
Whoops, I don't think this has actually been triaged. Seems pretty bad.
Dylan are you still maintaining Focus right now? I think we probably need to use a session context id in conjunction with private mode?
To the extent that anyone is. I can write up a patch to generate a unique contextId whenever a new session is created, but I don't think I really agree that that's the correct solution here even if it works -- as far as I can tell the steps described should be deleting everything regardless of contextId.
Assignee | ||
Comment 11•4 years ago
|
||
It may be a moot point, however, as I can't reproduce this either with a local build or a build from the play store.
I've put up the proof of concept here for convenience (the jsbin link in the bug has hit its limit apparently): https://mammoth-lofty-jodhpur.glitch.me/
- Starting from a fresh install of focus, I load it and see that there are no dirty cookies (of course) and make note of the randomly generated IDs on the page.
- Refreshing the page will complain that there are dirty cookies and comparing will of course show that the randomly generated IDs on the page are the same as they were in the previous step.
- Hitting the trash can button closes all open tabs.
- Navigating back to the proof of concept, it will no longer complain about dirty cookies and will now have new randomly generated IDs.
I've tested this with a local x86-64 debug build on Android Q and with a google play store build (8.3.0) on a Pixel 2 also running Android Q.
Reporter | ||
Comment 12•4 years ago
|
||
Please use the notification, not the trash can image.
After clicking the notification the trash can button stops working too.
Reporter | ||
Comment 13•4 years ago
|
||
The bug is only reproducible using the following method:
- Without exiting the app, press the Firefox Focus notification that says "Erase browsing history"
Before pressing the notification, these methods work as expected:
- Pressing the trash can button
- Pressing "Erase and open" from the notification
Assignee | ||
Comment 14•4 years ago
|
||
(In reply to jesse.luoto from comment #12)
Please use the notification, not the trash can image.
After clicking the notification the trash can button stops working too.
Ah! Sorry about that, misread. I can indeed reproduce now, will investigate further.
Assignee | ||
Comment 15•4 years ago
|
||
Setting a random contextId does indeed fix the issue, though I'm unconvinced it's the right approach. I'll dig into what our notification is doing a bit before putting this up for review.
Assignee | ||
Comment 16•4 years ago
|
||
(In reply to Dylan Roeh (:droeh) (he/him) from comment #15)
Setting a random contextId does indeed fix the issue, though I'm unconvinced it's the right approach. I'll dig into what our notification is doing a bit before putting this up for review.
Yeah, to followup here: the problem is that we are failing to get the GeckoSessions when we call removeAndCloseAllSessions
in response to the user tapping the notification for reasons that aren't entirely clear to me yet. Since we can't get the sessions, we "gracefully" fail by just removing them from the session manager without closing them, resulting in Gecko failing to clear data (and probably us leaking sessions as well, ouch). Adding contextIds just papers over the actual issue.
(In reply to Dylan Roeh (:droeh) (he/him) from comment #16)
(In reply to Dylan Roeh (:droeh) (he/him) from comment #15)
Setting a random contextId does indeed fix the issue, though I'm unconvinced it's the right approach. I'll dig into what our notification is doing a bit before putting this up for review.
Yeah, to followup here: the problem is that we are failing to get the GeckoSessions when we call
removeAndCloseAllSessions
in response to the user tapping the notification for reasons that aren't entirely clear to me yet. Since we can't get the sessions, we "gracefully" fail by just removing them from the session manager without closing them, resulting in Gecko failing to clear data (and probably us leaking sessions as well, ouch). Adding contextIds just papers over the actual issue.
Eek! Yeah we definitely want to fix this correctly then.
Assignee | ||
Comment 18•4 years ago
|
||
Jon, for context this is the bug underlying this PR I asked you to review: https://github.com/mozilla-mobile/focus-android/pull/4523
Comment 19•4 years ago
|
||
We've merged this fix and I've verified it locally with the jsbin test site. It should go out in the 8.4.0 release.
Reporter | ||
Comment 20•4 years ago
|
||
It seems that 8.4.0 has been released. I just verified this fix with the public version from Play Store, so this issue can be marked as resolved. Thank you!
Assignee | ||
Updated•4 years ago
|
Updated•4 years ago
|
Updated•4 years ago
|
Updated•3 years ago
|
Updated•2 years ago
|
Description
•