Closed Bug 1705068 (CVE-2021-29963) Opened 3 years ago Closed 3 years ago

Private Browsing not respected for search suggestions

Categories

(Fenix :: General, defect)

Product:
Fenix
Component:
General
Platform:
Unspecified
Android
Type:
defect

Tracking

(firefox88 wontfix, firefox89 verified, firefox90 fixed)

Status:
VERIFIED FIXED
Tracking Flags:
Tracking Status
firefox88 --- wontfix
firefox89 --- verified
firefox90 --- fixed

People

(Reporter: jwkbugzilla, Assigned: sebastian)

Details

(Keywords: csectype-disclosure, privacy, sec-moderate, Whiteboard: [adv-main89+])

Attachments

(1 file)

advisory.txt
303 bytes, text/plain
Details

The problematic code can be seen here:

https://github.com/mozilla-mobile/android-components/blob/78979a815d9ba671e6cc8009ef50b80a26ab7896/components/feature/awesomebar/src/main/java/mozilla/components/feature/awesomebar/provider/SearchSuggestionProvider.kt#L247-L251

The request retrieving search suggestions does not respect Private Browsing mode. While Fenix doesn’t have search suggestions enabled by default in Private Browsing and warns about the impact (everything typed into address bar sent to search provider), this is still unnecessary. Once a search is accepted, this allows search providers (by default Google) to match the regular search session to the private one.

The issue can be confirmed by debugging the network traffic of the main process: search suggestions always send the cookies from the regular session, regardless of whether the user is currently in a private tab.

I'll take a stab at this.

Assignee: nobody → s.kaspari
Status: NEW → ASSIGNED

A patch for this landed in A-C and Fenix (90.0):

Status: ASSIGNED → RESOLVED
Closed: 3 years ago
status-firefox90: --- → fixed
Resolution: --- → FIXED
Group: mobile-core-security → core-security-release
status-firefox88: --- → wontfix
status-firefox89: --- → affected

Is this something we should consider backporting to AC75/Fenix89?

Flags: needinfo?(s.kaspari)

Uplifting to AC75: https://github.com/mozilla-mobile/android-components/pull/10274

Flags: needinfo?(s.kaspari)

AC 75.0.16 is getting built.

Fenix PR with AC version bump and patch uplift:
https://github.com/mozilla-mobile/fenix/pull/19537

Verified as fixed on Fenix 89.0.0-beta8 and 9 with Google Pixel 4 XL (Android 11).
Note that the Allow search suggestions in PB prompt was displayed when first time typing in the URL bar.

Status: RESOLVED → VERIFIED
Whiteboard: [adv-main89+]
Attached file advisory.txt
Alias: CVE-2021-29963
Group: core-security-release
Component: Security: Android → General
OS: Unspecified → Android
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: