[Cisco Webex] Microphone permission is leaked to other sites in the same tab during the grace period
Categories
(Firefox :: Site Permissions, defect, P2)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox-esr78 | --- | unaffected |
| firefox86 | --- | unaffected |
| firefox87 | --- | unaffected |
| firefox88 | + | verified |
People
(Reporter: tbabos, Assigned: pbz)
References
(Regression)
Details
(Keywords: regression, Whiteboard: [proton-door-hangers])
Attachments
(2 files, 1 obsolete file)
Screenshot of the issue
Affected Versions:
Nightly 88.0a1 (2021-03-16)
Tested on:
Windows 7/10 and MacOS
Steps to Reproduce:
- Go to https://meet42.webex.com
- Sign In (ask me on Slack for credentials if need be)
- Start a meeting
- Choose to join from browser
- Grant access to the mic and webcam
- Click on start meeting
- After the meeting is started navigate to any different site (youtube, 9gag, etc) or ones where microphone access is also needed (do this during the grace period)
For example, go to: https://mozilla.github.io/webrtc-landing/gum_test.html
- Check the permission icon in the address bar and oberve microphone access is granted
- Click on "Microphone" on the test page
Expected Result:
The microphone permission prompt should not leak into other sites permissions.
Actual Results:
Microphone permission is leaked to other sites in the same tab during the grace period.
Clicking on "Microphone" will also give access to the user's mic without any prompt for the test site.
Regression-Range:
Most likely regression of Bug 1693677. This is not reproducible if I disable the grace period.
We observed this issue only for this site during testing.
|
Reporter | |
Updated•3 years ago
|
|
|
Reporter | |
Comment 1•3 years ago
|
||
Hey Mike, can you look into this when you have time? Thanks!
|
|
Reporter | |
Comment 2•3 years ago
|
||
|
|
Reporter | |
Updated•3 years ago
|
|
Assignee | |
Updated•3 years ago
|
|
||
Comment 4•3 years ago
|
||
[Tracking Requested - why for this release]:
Tracking for 88 - we should make sure that we turn the grace period off in 88 if we can't find a technical solution here in time.
|
|
||
Comment 5•3 years ago
|
||
To be clear, tbabos, if you disable the grace period (set privacy.webrtc.deviceGracePeriodTimeoutMs to 0 in about:config), is this still reproducible?
|
|
Reporter | |
Comment 6•3 years ago
|
||
If I disable the grace period this issue is not reproducible anymore. I just redone it again with grace period enabled (50000s) and disabled (0s) and can confirm it is not reproducible with the grace period disabled (0s).
|
|
Assignee | |
Comment 7•3 years ago
|
||
|
|
Assignee | |
Comment 8•3 years ago
|
||
I can reproduce via https://www.webex.com/test-meeting.html#. Granting permission, joining the meeting all the way and then navigating to another site, for example example.com.
The issue seems to be that we can get the wrong principal, already the principal of the next page, in webrtc:UpdateIndicators
https://searchfox.org/mozilla-central/rev/f07a609a76136ef779c65185165ff5ac513cc172/browser/actors/WebRTCParent.jsm#175
This is the principal we use for setting the grace period permission.
I've uploaded a WIP patch which fixes this by storing the principal on webrtcUI.activePerms on permission grant. We'll still need to investigate what exactly is causing this though, so we can add a test.
|
|
Assignee | |
Comment 9•3 years ago
|
||
|
||
Updated•3 years ago
|
|
|
||
Updated•3 years ago
|
|
||
Comment 10•3 years ago
|
||
Pushed by pzuhlcke@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/e9920d3ab21d Store the correct principal when adding streams to webrtcUI. r=jib
|
|
Assignee | |
Comment 11•3 years ago
|
||
After discussion with :nika we ended up with this simpler fix which doesn't require us to refactor webrtcUI.activePerms. The issue was that getting the documentPrincipal via the BrowsingContext doesn't guarantee that we get the right principal. So for the navigation case we sometimes got the principal for the next document.
|
|
||
Comment 12•3 years ago
|
||
chefs kiss, I love simple fixes.
I wonder if / how / where we should document this potential place for a security footgun for principal confusion.
|
||
Updated•3 years ago
|
|
||
Comment 13•3 years ago
|
||
| bugherder | ||
|
|
Reporter | |
Comment 14•3 years ago
|
||
Verified-fixed on latest Firefox Nightly 88.0a1 (2021-03-19) (64-bit) on Windows 7/10, MacOS 10.15 and Ubuntu 20.04. We also smoked tested general grace period functionality and tried out other sites as well but no issues encountered. Thanks for fixing this so fast!
|
|
Assignee | |
Updated•3 years ago
|
|
|
Reporter | |
Updated•3 years ago
|
|
||
Updated•1 year ago
|
Description
•