Closed Bug 1811505 Opened 2 years ago Closed 2 years ago

Check for about scheme in ShouldResistFingerprinting might be too broad

Tracking

()

Status:

RESOLVED DUPLICATE of bug 1805101

People

(Reporter: tschuster, Unassigned)

References

(Blocks 1 open bug)

Details

Tom Schuster

Reporter

Description

•

2 years ago

We should investigate if this and this check for aURI->SchemeIs("about") potentially allows all about:blank/about:srcdoc pages to bypass the resist fingerprinting mode.

Andrew McCreight [:mccr8]

Updated

•

2 years ago

Group: core-security → dom-core-security

Tom Ritter [:tjr]

Comment 1

•

2 years ago

I deon't think we need to keep this hidden.

The conversation I was thinking of was in https://phabricator.services.mozilla.com/D95139

Group: dom-core-security

BugBot [:suhaib / :marco/ :calixte]

Comment 2

•

2 years ago

The severity field is not set for this bug.
:dveditz, could you have a look please?

For more information, please visit auto_nag documentation.

Flags: needinfo?(dveditz)

Tom Ritter [:tjr]

Updated

•

2 years ago

Severity: -- → S3

Flags: needinfo?(dveditz)

Tom Ritter [:tjr]

Updated

•

2 years ago

Whiteboard: [fpp:m?]

Tom Ritter [:tjr]

Updated

•

2 years ago

Updated

•

2 years ago

Status: NEW → RESOLVED

Closed: 2 years ago

Duplicate of bug: 1805101

Resolution: --- → DUPLICATE

Tom Ritter [:tjr]

Updated

•

1 year ago

Whiteboard: [fpp:m?]

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Check for about scheme in ShouldResistFingerprinting might be too broad

Categories

(Core :: Security, defect)

Tracking

()

People

(Reporter: tschuster, Unassigned)

References

(Blocks 1 open bug)

Details

Crash Data

Security

(public)

User Story

Description

Updated

Comment 1

Comment 2

Updated

Updated

Updated

Updated

Updated