Closed Bug 1751114 Opened 3 years ago Closed 3 years ago

Firefox for iOS shows previously closed private tabs for a fraction of a second when opening new private browsing tabs

Categories

(Firefox for iOS :: General, defect, P4)

RESOLVED FIXED
Tracking Status
fxios 103 ---

People

(Reporter: eric, Assigned: lougenia)

Details

(Keywords: privacy, reporter-external, sec-low, Whiteboard: [reporter-external] [client-bounty-form] [verif?])

Attachments

(3 files)

Please see attached proof-of-concept documentation for steps, version, etc.

Flags: sec-bounty?
Attached video 2022-01-19_BB_POC.MOV

End to end illustration. Vulnerability occurs at 00:23.

Stefan, can you pass this to the right people?

Group: firefox-core-security → mobile-core-security
Component: Security → General
Flags: needinfo?(sarentz)
Product: Firefox → Firefox for iOS
Summary: Firefox Private Browsing bug → Firefox for iOS shows previously closed private tabs for a fraction of a second when opening new private browsing tabs
Flags: needinfo?(sarentz) → needinfo?(jeevans)
Flags: needinfo?(jeevans)

Please let me know if any more information is needed.

Is this memory cached, such that if iOS eventually kills the process it will go away? Or is this nearly permanent?

I'm assuming it's relatively temporary: writing anything down in private browsing mode is a problem in any case.

Flags: needinfo?(jeevans)
Keywords: privacy, sec-low

From my testing, the image goes away only if the user completely closes Firefox.

If user...:

  1. ...closes the Private Browsing tab
  2. ...clicks the iPhone Home button
  3. ...does other tasks with the phone (duration tested: up to 2 hours)
  4. ...then reopens Firefox and opens a new Private Browser tab

...the issue still exists.

I don't feel this is a security issue, but definitely a bug for privacy.
Tagging Daniela for priority

Flags: needinfo?(jeevans) → needinfo?(darcese)

This is now tracked with JIRA issue https://mozilla-hub.atlassian.net/browse/FXIOS-3673

Thanks, we will prioritize in Jira

Flags: needinfo?(darcese)
Priority: -- → P4

Closing the issue as verified fix on main 804720df41008d6c1adea8d11a3f05af1aef7c01

Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Assignee: nobody → lougenia
Group: mobile-core-security → core-security-release
Group: core-security-release
Flags: sec-bounty? → sec-bounty-
Attached file GitHub Pull Request