Bug 1903559
Opened 1 year ago
Closed 1 year ago
ShouldResistFingerprinting_dangerous computes private browsing state wrongly
Categories
(Core :: Privacy: Anti-Tracking, defect)
Status: RESOLVED FIXED
Target Milestone: 129 Branch
| Release | Tracking | Status |
|---|---|---|
| firefox-esr115 | --- | unaffected |
| firefox127 | --- | wontfix |
| firefox128 | --- | fixed |
| firefox129 | --- | fixed |
People
(Reporter: emz, Assigned: timhuang)
References
(Regression)
Details
(Keywords: regression)
Attachments
(2 files)
- 48 bytes, text/x-phabricator-request
- 48 bytes, text/x-phabricator-request (phab-bot: approval-mozilla-beta+)
The condition here is wrong: https://searchfox.org/mozilla-central/rev/b11735b86bb4d416c918e2b2413456561beff50c/dom/base/nsContentUtils.cpp#2629-2630
We end up with a flipped logic where isPBM is true for normal browsing. That's because nsIScriptSecurityManager::DEFAULT_PRIVATE_BROWSING_ID=0 is normal browsing.
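The flipped comparison described in the report, modeled as an added example (not Firefox source and not part of the bug). `OriginAttrs`, `Prefs` and the two-setting decision in `ShouldResist` are hypothetical stand-ins; only the convention that id 0 means normal browsing comes from the report. The truth table shows that the error stays hidden whenever an all-windows setting is on.

```cpp
#include <cstdint>
#include <vector>

// Simplified model written for this example; not Firefox source.
// Stands in for nsIScriptSecurityManager::DEFAULT_PRIVATE_BROWSING_ID:
// 0 means normal browsing, any other value is a private window.
constexpr uint32_t kDefaultPrivateBrowsingId = 0;

struct OriginAttrs { uint32_t privateBrowsingId; };  // hypothetical stand-in
struct Prefs {                                       // hypothetical settings
  bool resistEverywhere;  // protection on in all windows
  bool resistInPbmOnly;   // protection on only in private windows
};

// Flipped check from the report: "equals the default id" read as private.
bool IsPbmFlipped(const OriginAttrs& a) {
  return a.privateBrowsingId == kDefaultPrivateBrowsingId;
}
// Intended check: private means "differs from the default id".
bool IsPbmFixed(const OriginAttrs& a) {
  return a.privateBrowsingId != kDefaultPrivateBrowsingId;
}

using IsPbmFn = bool (*)(const OriginAttrs&);
bool ShouldResist(const Prefs& p, const OriginAttrs& a, IsPbmFn isPbm) {
  return p.resistEverywhere || (p.resistInPbmOnly && isPbm(a));
}

struct Case { Prefs prefs; OriginAttrs attrs; bool expected; };
// Runs the full truth table and returns how many decisions are wrong.
int CountWrongDecisions(IsPbmFn isPbm) {
  const std::vector<Case> table = {
      {{false, false}, {0}, false}, {{false, false}, {1}, false},
      {{false, true}, {0}, false},  // private-only setting, normal window
      {{false, true}, {1}, true},   // private-only setting, private window
      {{true, false}, {0}, true},   {{true, false}, {1}, true},
  };
  int wrong = 0;
  for (const Case& c : table) {
    if (ShouldResist(c.prefs, c.attrs, isPbm) != c.expected) ++wrong;
  }
  return wrong;
}

int main() {
  // Flipped check fails exactly the two private-only rows; fixed check passes all.
  return (CountWrongDecisions(IsPbmFlipped) == 2 &&
          CountWrongDecisions(IsPbmFixed) == 0) ? 0 : 1;
}
```

A regression test that only exercises the all-windows setting would pass with either comparison, so the private-only rows are the ones worth pinning.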
Comment 1 • 1 year ago
Set release status flags based on info from the regressing bug 1851816
status-firefox127: --- → affected
status-firefox128: --- → affected
status-firefox129: --- → affected
status-firefox-esr115: --- → unaffected
Updated • 1 year ago (Assignee)
Assignee: nobody → tihuang
Status: NEW → ASSIGNED
Comment 2 • 1 year ago (Assignee)
Pushed by tihuang@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/86ebfa1aeae2
Fix the isPBM check in nsContentUtils::ShouldResistFingerprinting_dangerous(). r=tschuster
Status: ASSIGNED → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
Target Milestone: --- → 129 Branch
Comment 5 • 1 year ago
The patch landed in nightly and beta is affected.
:timhuang, is this bug important enough to require an uplift?
- If yes, please nominate the patch for beta approval.
- If no, please set status-firefox128 to wontfix.
For more information, please visit BugBot documentation.
Flags: needinfo?(tihuang)
Updated • 1 year ago (Assignee)
Flags: needinfo?(tihuang)
Updated • 1 year ago
Comment 6 • 1 year ago (Assignee)
Apparently, we need to uplift this fix to beta so that the next ESR version won't miss this.
Comment 7 • 1 year ago (Assignee)
Original Revision: https://phabricator.services.mozilla.com/D214356
Updated • 1 year ago
Attachment #9409781 - Flags: approval-mozilla-beta?
Comment 8 • 1 year ago
beta Uplift Approval Request
- User impact if declined: Users will have incorrect fingerprinting resistances for private browsing windows
- Code covered by automated testing: no
- Fix verified in Nightly: yes
- Needs manual QE test: no
- Steps to reproduce for manual QE testing: None
- Risk associated with taking this patch: Low risk
- Explanation of risk level: We only change one line in the patch
- String changes made/needed: nope
- Is Android affected?: yes
Updated • 1 year ago
Attachment #9409781 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Updated • 1 year ago