push notifications saved to disk in Private Browsing mode (Toggle off push notifications in Private Browsing mode)
Categories
(Core :: DOM: Push Subscriptions, defect, P2)
Tracking
()
People
(Reporter: hsingh, Assigned: hsingh)
References
(Regressed 1 open bug)
Details
(Keywords: csectype-disclosure, privacy, sec-moderate, Whiteboard: [adv-main117+] [adv-esr115.2+])
Attachments
(3 files)
|
48 bytes,
text/x-phabricator-request
|
RyanVM
:
approval-mozilla-beta+
RyanVM
:
approval-mozilla-esr115+
|
Details | Review |
|
48 bytes,
text/x-phabricator-request
|
RyanVM
:
approval-mozilla-beta+
RyanVM
:
approval-mozilla-esr115+
|
Details | Review |
|
200 bytes,
text/plain
|
Details |
As it has surfaced here (https://bugzilla.mozilla.org/show_bug.cgi?id=1823752), notifications store is not encrypted on disk in private browsing mode and it could leak sensitive information. There would be a follow up bug to properly encrypt and lifetime notifications store but for now, we want to disable notifications in PBM.
|
||
Updated•2 years ago
|
|
||
Updated•2 years ago
|
|
||
Comment 1•2 years ago
|
||
The original bug was describing two security problems that could be solved independently, so I'm turning this task bug into one of those security problems. (expiring old notifications might solve the unbounded growth in the other bug, but wouldn't solve this privacy issue)
|
||
Updated•2 years ago
|
|
Assignee | |
Comment 2•2 years ago
|
||
|
||
Comment 4•2 years ago
|
||
Backed out for causing gv-junit failures in WebNotificationTest:
https://hg.mozilla.org/integration/autoland/rev/b93c29f308f934add5aea90aa94080e1c76036ee
Push with failures
Failure log
TEST-UNEXPECTED-FAIL | org.mozilla.geckoview.test.WebNotificationTest#onShowNotification | org.mozilla.geckoview.test.util.UiThreadUtils$TimeoutException: Timed out after 30000ms
|
|
Assignee | |
Updated•2 years ago
|
|
|
Assignee | |
Updated•2 years ago
|
|
|
Assignee | |
Comment 5•2 years ago
|
||
Depends on D184064
|
|
||
Comment 7•1 years ago
|
||
Backed out for causing geckoview-junit failures related to notifications:
https://hg.mozilla.org/integration/autoland/rev/ffeee9d4fb53c4a78cc804ac8282b86eee9e6c72
Push with failures
Failure log
TEST-UNEXPECTED-FAIL | org.mozilla.geckoview.test.WebNotificationTest#onShowNotification | org.mozilla.geckoview.test.util.UiThreadUtils$TimeoutException: Timed out after 30000ms
TEST-UNEXPECTED-FAIL | org.mozilla.geckoview.test.WebNotificationTest#clickPrivateNotificationParceled | org.mozilla.geckoview.test.util.UiThreadUtils$TimeoutException: Timed out after 30000ms
|
|
||
Comment 9•1 years ago
|
||
Backed out for linting failure:
https://hg.mozilla.org/integration/autoland/rev/e9f4fc15eeeaa49d6f27e920e22a961b173dfa3b
|
|
||
Comment 10•1 years ago
|
||
Also still had a junit failure
TEST-UNEXPECTED-FAIL | org.mozilla.geckoview.test.WebNotificationTest#onShowNotification | org.mozilla.geckoview.test.util.UiThreadUtils$TimeoutException: Timed out after 30000ms
|
|
Assignee | |
Comment 11•1 years ago
|
||
seems like the failing test is an intermittent wich is tracked here? https://bugzilla.mozilla.org/show_bug.cgi?id=1766739
|
|
Assignee | |
Comment 12•1 years ago
|
||
oh I see that the failure reason is different than the one shown in the intermittent. I will investigate this.
|
||
Comment 13•1 years ago
|
||
|
|
||
Comment 14•1 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/ffeb6d319aa9
https://hg.mozilla.org/mozilla-central/rev/5038cbc4c1b3
|
||
Updated•1 years ago
|
|
||
Comment 15•1 years ago
|
||
Please nominate this for Beta and ESR115 approval.
|
|
Assignee | |
Comment 16•1 years ago
|
||
Comment on attachment 9344756 [details]
Bug 1843046: Do not allow notifications in private window.r=#dom-storage-reviewers
ESR Uplift Approval Request
- If this is not a sec:{high,crit} bug, please state case for ESR consideration: Currently, notifications are stored as a raw data on disk even for private browsing mode which is against firefox's security and privacy promise so we are disabling notifications in private browsing mode entirely such that we could get more time to properly implement private notifications.
- User impact if declined: Firefox would continue to store notifications in raw format on user machines in private session.
- Fix Landed on Version: 117+
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): Code changes are not too complicated to apply and changes are only contained within notifications area only.
Beta/Release Uplift Approval Request
- User impact if declined: Currently, notifications are stored as a raw data on disk even for private browsing mode which is against firefox's security and privacy promise so we are disabling notifications in private browsing mode entirely such that we could get more time to properly implement private notifications.
- Is this code covered by automated tests?: Yes
- Has the fix been verified in Nightly?: Yes
- Needs manual test from QE?: Yes
- If yes, steps to reproduce: 1. Load a website which would generate notifications.
- Allow permissions to get notifications (permission dialog wouldn't be generated in private session).
- notifications are not delivered in private browsing session while they continue to deliver in non-private browsing session.
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): Code changes are not too complicated to apply and changes are only contained within notifications area only.
- String changes made/needed:
- Is Android affected?: Unknown
|
|
Assignee | |
Updated•1 years ago
|
|
|
Assignee | |
Comment 17•1 years ago
|
||
Comment on attachment 9348190 [details]
Bug 1843046: Ignored a android kt private notification test.r=#geckoview-reviewers
Beta/Release Uplift Approval Request
- User impact if declined:
- Is this code covered by automated tests?: Yes
- Has the fix been verified in Nightly?: Yes
- Needs manual test from QE?: Yes
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky):
- String changes made/needed:
- Is Android affected?: Yes
|
|
||
Comment 18•1 years ago
|
||
Comment on attachment 9344756 [details]
Bug 1843046: Do not allow notifications in private window.r=#dom-storage-reviewers
Approved for 117.0b9 and 115.2esr.
|
|
||
Updated•1 years ago
|
|
|
||
Comment 19•1 years ago
|
||
| uplift | ||
|
|
||
Updated•1 years ago
|
|
||
Updated•1 years ago
|
|
||
Updated•1 years ago
|
|
|
||
Updated•1 years ago
|
|
||
Comment 20•1 years ago
|
||
Do you have an example of a website with a notification on which I can test that this is fixed? Or is the one I used bellow good enough?
I tried a few push notification sample websites like https://cleverpush.com/en/test-notifications/ or https://pushalert.co/demo but using an old Nightly build before the fix (2023-07-12) no notification is shown in Private Window. Same with Firefox 117.0b9 which has the fix.
I also ran into this demo website https://www.bennish.net/web-notifications.html where I saw the following:
- If I open the demo in a private window in the old Nightly build and click on Authorize and then Show, I will get a notification. I will also have data in about:cache?storage=disk from the website.
The output of the console from the demo website:
Permission to display: granted
Notification #1 queued for display
Notification #1 showed
- If I open the demo in a private window in Firefox 117.0b9 build and click on Authorize and then Show, I will NOT get the notification. I will have NO data in about:cache?storage=disk from the website.
The output of the console from the demo website:
Permission to display: denied
Notification #1 queued for display
Notification #1 errored
|
|
Assignee | |
Comment 21•1 years ago
|
||
Yes, https://www.bennish.net/web-notifications.html is the correct one to use for testing.
https://cleverpush.com/en/test-notifications/ website explicitly disables notifications in private session.
|
|
||
Comment 22•1 years ago
|
||
(In reply to Harveer Singh from comment #21)
Yes, https://www.bennish.net/web-notifications.html is the correct one to use for testing.
https://cleverpush.com/en/test-notifications/ website explicitly disables notifications in private session.
Thanks, I verified the behavior described in comment 20 using Latest Nightly 118.0a1 and Firefox 117.0b9 across platforms (Windows 10, macOS 13 and Ubuntu 22.04) on bennish.net website as a demo page, that the notification is disabled in private browsing and no data is stored on disk.
|
|
||
Comment 23•1 years ago
|
||
| uplift | ||
|
|
||
Updated•1 years ago
|
|
|
||
Comment 24•1 years ago
|
||
Also verified as fixed using Firefox 115 esr across platforms (Windows 10, macOS 13 and Ubuntu 22.04).
|
||
Comment 25•1 years ago
|
||
|
|
||
Updated•1 years ago
|
|
|
||
Updated•1 years ago
|
|
|
||
Updated•1 year ago
|
|
|
||
Updated•1 year ago
|
Description
•