Closed Bug 1846224 Opened 1 year ago Closed 1 year ago

Make JavaScript locale spoofing fine-grained and configurable per-realm

Categories

(Core :: Security, enhancement)

Tracking

RESOLVED FIXED
119 Branch
Tracking Status
firefox119 --- fixed

People

(Reporter: tschuster, Assigned: tschuster)

References

(Blocks 2 open bugs)

Details

(Whiteboard: [fpp:m5])

Attachments

(4 files)

Currently when the preference javascript.use_us_english_locale is set to true (usually indirectly via privacy.spoof_english) we will set the default locale for every SpiderMonkey runtime to "en-US". Similar to what we did for timezones (bug 1709867), we should instead make this configurable per realm. This also means chrome code can now use the right locale and have e.g. the OS language for date strings etc.

Blocks: 1746668

I don't want to add much noise (and am eagerly awaiting this) - just going to note that spoof_english / use_us_english had extra patches (e.g. https://bugzilla.mozilla.org/show_bug.cgi?id=1746668#c6) - date picker might be the only one, TBH :)

What I proposed was to make the web content language and web content locale "match" [1] so that all resolved options in all Intl APIs use that and it becomes deterministic (also see Bug 1823580). The date picker sounds like it can leak app locale - so when we drop the use_us_english patch and cover all locales languages, we need to think about the date picker, in another follow-up bug - IIUIC - I'll leave that up to you to log (and cc me if you can, thanks).

[1] "match" is doing a lot of heavy lifting

Are you thinking of making all es* languages use es locale? (There are at least 30 Spanish locales and most are uniquely identifiable in Intl.) Same goes for English (I count 111 English locales). This doesn't matter so much for Tor Browser, we only ship one of each language (i.e. one Spanish, one Arabic, one English etc. - and only allow one of each language via the UI). Or will you allow each language (more user friendly)?

edit

and only allow one of each language via the UI

Ugh, I keep confusing the application language and the web content one (Choose your preferred language for displaying pages). TB does not restrict the web content language options at all, which is a separate issue.

Are you thinking of making all es* languages use es locale? [...]

Yes, we have talked about doing this, but this is not going to be implemented in this bug. However, this bug is written in a way that makes this easier, because we can specify the exact locale that should be spoofed instead of just en-US.

This patch is really just for everything exposed by the JS engine, so e.g. not the date-time picker, but something like Intl.NumberFormat. I think it is pretty likely that we will have webExposedLocales (for the time picker) and the JS locale match of course.

Depends on D184943

Depends on D184944

Depends on: 1845940
Attachment #9346486 - Attachment description: WIP: Bug 1846224 - Add a JavaScript per-realm locale override → Bug 1846224 - Add a JavaScript per-realm locale override. r?#spidermonkey-reviewers
Attachment #9346487 - Attachment description: WIP: Bug 1846224 - Use RFPTarget for JS locale en-US spoofing → Bug 1846224 - Use RFPTarget for JS locale en-US spoofing. r?tjr

With this code we would continue to override all locales anyway.
Like with timezones, the possibility exists that this covered up something that we aren't spoofing now.

Depends on D184945

It's not clear to me why this pref existed before. Maybe I am missing something.

Depends on D185432

Simon - This is going to affect locale spoofing in JavaScript. It will make the locale spoofable on a per-document basis, so if you've exempted a site (RFP-exemption, using the pref) then the locale should not be spoofed.

We don't think so, but it is possible that there is some feature or property in JavaScript (e.g. a date localization or something) relating to locales that stops being spoofed after this patch. If you notice anything, let us know! Thanks.
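An added example, not part of any comment or patch in this bug: a script for the browser console (or Node) that audits which locale the JS-engine APIs discussed above resolve to, so a tester can see whether anything stops reporting the spoofed locale. `EXPECTED_LOCALE` and all function names are assumptions made for this sketch.

```javascript
// Added example: audit which locale each JS-engine API resolves to by default.
// EXPECTED_LOCALE and all helper names are assumptions made for this sketch.
const EXPECTED_LOCALE = "en-US"; // the locale the bug says is spoofed

// Intl constructors whose resolvedOptions().locale reflects the realm default.
const INTL_CTORS = ["Collator", "DateTimeFormat", "DisplayNames", "ListFormat",
  "NumberFormat", "PluralRules", "RelativeTimeFormat", "Segmenter"];

// Returns { "Intl.X": tag } per available constructor; `intl` is injectable.
function collectDefaultLocales(intl = Intl) {
  const observed = {};
  for (const name of INTL_CTORS) {
    if (typeof intl[name] !== "function") continue; // not implemented here
    // DisplayNames throws without a `type`; the others accept no options.
    const opts = name === "DisplayNames" ? { type: "region" } : undefined;
    const resolved = new intl[name](undefined, opts).resolvedOptions();
    observed[`Intl.${name}`] = resolved.locale;
  }
  return observed;
}

// Lists the APIs whose resolved language or region differs from `expected`.
// Unicode extensions (-u-...) are ignored; only language and region compare.
function findLocaleLeaks(observed, expected = EXPECTED_LOCALE) {
  const want = new Intl.Locale(expected);
  const leaks = [];
  for (const [api, tag] of Object.entries(observed)) {
    const got = new Intl.Locale(tag);
    if (got.language !== want.language || got.region !== want.region) {
      leaks.push({ api, resolved: tag });
    }
  }
  return leaks;
}

// Formatting calls made without a locale argument use the same default, so
// compare their output with output produced for `expected` explicitly.
function findFormattingLeaks(expected = EXPECTED_LOCALE) {
  const when = new Date(Date.UTC(2023, 8, 8, 12, 0)); // constructed sample date
  const opts = { timeZone: "UTC", weekday: "long", month: "long" };
  const probes = {
    "Number#toLocaleString": [(1234567.891).toLocaleString(),
      (1234567.891).toLocaleString(expected)],
    "Date#toLocaleDateString": [when.toLocaleDateString(undefined, opts),
      when.toLocaleDateString(expected, opts)],
  };
  return Object.keys(probes).filter((k) => probes[k][0] !== probes[k][1]);
}
console.log(findLocaleLeaks(collectDefaultLocales()), findFormattingLeaks());
```

With spoofing active for the document, both lists should be empty; on an RFP-exempted site the entries show the real locale instead.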

Attachment #9346486 - Attachment description: Bug 1846224 - Add a JavaScript per-realm locale override. r?#spidermonkey-reviewers → Bug 1846224 - Add a JavaScript per-realm locale override. r?jandem
Whiteboard: [fpp:m?]
Pushed by tschuster@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/e90bc9bc5729 Add a JavaScript per-realm locale override. r=jandem
https://hg.mozilla.org/integration/autoland/rev/a85aaad7d2f8 Use RFPTarget for JS locale en-US spoofing. r=tjr
https://hg.mozilla.org/integration/autoland/rev/61486ba55cae Removed OverrideDefaultLocaleIfNeeded. r=tjr
https://hg.mozilla.org/integration/autoland/rev/fc9692101130 Remove javascript.use_us_english_locale. r=tjr

Backed out for causing spidermonkey build bustages on TestingUtility.cpp.

[task 2023-09-08T13:52:32.914Z] gmake[4]: Entering directory '/builds/worker/workspace/obj-spider/js/src'
[task 2023-09-08T13:52:32.914Z] /builds/worker/fetches/clang/bin/clang++ --sysroot /builds/worker/fetches/sysroot-x86_64-linux-gnu -o TestingUtility.o -c  -I/builds/worker/workspace/obj-spider/dist/system_wrappers -include /builds/worker/checkouts/gecko/config/gcc_hidden.h -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fstack-protector-strong -fstack-clash-protection -ftrivial-auto-var-init=pattern -DDEBUG=1 -DWASM_SUPPORTS_HUGE_MEMORY -DJS_CACHEIR_SPEW -DJS_STRUCTURED_SPEW -DEXPORT_JS_API -DMOZ_HAS_MOZGLUE -I/builds/worker/checkouts/gecko/js/src -I/builds/worker/workspace/obj-spider/js/src -I/builds/worker/workspace/obj-spider/dist/include -I/builds/worker/workspace/obj-spider/dist/include/nspr -I/builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/include -DMOZILLA_CLIENT -include /builds/worker/workspace/obj-spider/js/src/js-confdefs.h -D_GLIBCXX_USE_CXX11_ABI=0 -fno-sized-deallocation -fno-aligned-new -fPIC -fno-rtti -ffunction-sections -fdata-sections -fno-exceptions -fno-math-errno -pthread -pipe -gdwarf-4 -Xclang -load -Xclang /builds/worker/workspace/obj-spider/build/clang-plugin/libclang-plugin.so -Xclang -add-plugin -Xclang moz-check -O3 -fno-omit-frame-pointer -funwind-tables -Werror -Wall -Wbitfield-enum-conversion -Wdeprecated-this-capture -Wempty-body -Wformat-type-confusion -Wignored-qualifiers -Wpointer-arith -Wshadow-field-in-constructor-modified -Wsign-compare -Wtautological-constant-in-range-compare -Wtype-limits -Wno-error=tautological-type-limit-compare -Wunreachable-code -Wunreachable-code-return -Wunused-but-set-parameter -Wno-invalid-offsetof -Wclass-varargs -Wempty-init-stmt -Wfloat-overflow-conversion -Wfloat-zero-conversion -Wloop-analysis -Wno-range-loop-analysis -Wc++2a-compat -Wenum-compare-conditional -Wenum-float-conversion -Wno-error=deprecated -Wno-error=deprecated-anon-enum-enum-conversion -Wno-error=deprecated-enum-enum-conversion -Wno-error=deprecated-pragma -Wno-error=deprecated-this-capture -Wcomma -Wimplicit-fallthrough 
-Wstring-conversion -Wno-inline-new-delete -Wno-error=deprecated-declarations -Wno-error=array-bounds -Wno-error=free-nonheap-object -Wno-error=atomic-alignment -Wno-error=deprecated-builtins -Wformat -Wformat-security -Wno-psabi -Wthread-safety -Wno-error=builtin-macro-redefined -Wno-unknown-warning-option -Werror=format -fstandalone-debug -fno-strict-aliasing -ffp-contract=off  -MD -MP -MF .deps/TestingUtility.o.pp   /builds/worker/checkouts/gecko/js/src/builtin/TestingUtility.cpp
[task 2023-09-08T13:52:32.914Z] /builds/worker/checkouts/gecko/js/src/builtin/TestingUtility.cpp:267:5: error: use of undeclared identifier 'ReportUsageErrorASCII'
[task 2023-09-08T13:52:32.914Z]     ReportUsageErrorASCII(cx, callee,
[task 2023-09-08T13:52:32.914Z]     ^
[task 2023-09-08T13:52:32.914Z] /builds/worker/checkouts/gecko/js/src/builtin/TestingUtility.cpp:284:5: error: use of undeclared identifier 'ReportUsageErrorASCII'
[task 2023-09-08T13:52:32.914Z]     ReportUsageErrorASCII(cx, callee,
[task 2023-09-08T13:52:32.914Z]     ^
[task 2023-09-08T13:52:32.914Z] 2 errors generated.
[task 2023-09-08T13:52:32.914Z] gmake[4]: *** [/builds/worker/checkouts/gecko/config/rules.mk:660: TestingUtility.o] Error 1
[task 2023-09-08T13:52:32.914Z] gmake[4]: Leaving directory '/builds/worker/workspace/obj-spider/js/src'
[task 2023-09-08T13:52:32.914Z] gmake[4]: Entering directory '/builds/worker/workspace/obj-spider/js/src'
[task 2023-09-08T13:52:32.914Z] js/src/WeakSetObject.o
[task 2023-09-08T13:52:32.914Z] gmake[4]: Leaving directory '/builds/worker/workspace/obj-spider/js/src'

LATER EDIT: it seems that this does not affect only spidermonkey builds because later this Bp-nu build failed

Flags: needinfo?(tschuster)
Pushed by tschuster@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/8e6c7b85d0db Add a JavaScript per-realm locale override. r=jandem
https://hg.mozilla.org/integration/autoland/rev/6237557d2dc4 Use RFPTarget for JS locale en-US spoofing. r=tjr
https://hg.mozilla.org/integration/autoland/rev/2c6003a3e3db Removed OverrideDefaultLocaleIfNeeded. r=tjr
https://hg.mozilla.org/integration/autoland/rev/c5328183c81f Remove javascript.use_us_english_locale. r=tjr
Flags: needinfo?(tschuster)
See Also: → 1850672
Whiteboard: [fpp:m?] → [fpp:m5]