Closed
Bug 1655994
Opened 5 years ago
Closed 5 years ago
Process names include eTLD+1 when pref isn't enabled
Categories
(Core :: DOM: Navigation, defect)
Core
DOM: Navigation
Tracking
()
RESOLVED
FIXED
81 Branch
| Tracking | Status | |
|---|---|---|
| firefox-esr68 | --- | unaffected |
| firefox-esr78 | --- | unaffected |
| firefox78 | --- | unaffected |
| firefox79 | --- | unaffected |
| firefox80 | --- | fixed |
| firefox81 | --- | fixed |
People
(Reporter: jesup, Assigned: jesup)
References
(Regression)
Details
(Keywords: csectype-disclosure, regression, sec-moderate)
Attachments
(1 file)
|
47 bytes,
text/x-phabricator-request
|
jcristau
:
approval-mozilla-beta+
|
Details | Review |
The eTLD+1 is used for process names even when the pref isn't set; this can leak origin names
|
Assignee | |
Comment 1•5 years ago
|
||
|
||
Updated•5 years ago
|
Group: core-security → dom-core-security
|
||
Comment 2•5 years ago
|
||
https://hg.mozilla.org/integration/autoland/rev/0d8822fda84230785ba693752883b9836e0c6156
https://hg.mozilla.org/mozilla-central/rev/0d8822fda842
Group: dom-core-security → core-security-release
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → 81 Branch
|
|
Assignee | |
Comment 3•5 years ago
|
||
Comment on attachment 9166842 [details]
Bug 1655994: Clean up process name setting r=nika
Beta/Release Uplift Approval Request
- User impact if declined: Disclosure of domains currently in use via task managers (on linux and mac)
- Is this code covered by automated tests?: No
- Has the fix been verified in Nightly?: Yes
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): Trivial change
- String changes made/needed: None
Attachment #9166842 -
Flags: approval-mozilla-beta?
|
||
Comment 4•5 years ago
|
||
Comment on attachment 9166842 [details]
Bug 1655994: Clean up process name setting r=nika
approved for 80.0b2
Attachment #9166842 -
Flags: approval-mozilla-beta? → approval-mozilla-beta+
|
|
||
Comment 5•5 years ago
|
||
| uplift | ||
|
||
Updated•5 years ago
|
Flags: qe-verify-
|
||
Updated•5 years ago
|
No longer blocks: 1642772
status-firefox78:
--- → unaffected
status-firefox79:
--- → unaffected
status-firefox-esr68:
--- → unaffected
status-firefox-esr78:
--- → unaffected
Regressed by: 1642772
|
||
Updated•5 years ago
|
Has Regression Range: --- → yes
|
|
||
Updated•4 years ago
|
Group: core-security-release
|
||
Updated•4 years ago
|
Keywords: regression
You need to log in
before you can comment on or make changes to this bug.
Description
•