Strict ETP features list missing cryptominers
Categories
(Core :: Privacy: Anti-Tracking, defect)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox-esr115 | --- | unaffected |
| firefox-esr128 | --- | unaffected |
| firefox-esr140 | --- | verified |
| firefox140 | --- | wontfix |
| firefox141 | --- | verified |
| firefox142 | --- | verified |
| firefox143 | --- | verified |
People
(Reporter: jscher2000, Assigned: wwen)
References
(Regression)
Details
(Keywords: regression)
Attachments
(4 files)
|
48 bytes,
text/x-phabricator-request
|
Details | Review | |
|
48 bytes,
text/x-phabricator-request
|
phab-bot
:
approval-mozilla-beta+
|
Details | Review |
|
48 bytes,
text/x-phabricator-request
|
phab-bot
:
approval-mozilla-release+
|
Details | Review |
|
48 bytes,
text/x-phabricator-request
|
phab-bot
:
approval-mozilla-esr140+
|
Details | Review |
Bug 1956556 changed the feature string for cryptomining protection from "cm" to "cryptoTP" in various files, but one file was overlooked: the privacy.js file that configures the lists shown on the Settings page.
This affects the Strict mode list because the rulesArray for Strict mode is built from the value of browser.contentblocking.features.strict, which uses the new string. Ref. https://searchfox.org/mozilla-central/source/browser/components/preferences/privacy.js#1403
On the other hand, the Standard mode rulesArray is built using the old string:
rulesArray.push(
defaults.getBoolPref(
"privacy.trackingprotection.cryptomining.enabled"
)
? "cm"
: "-cm"
);
https://searchfox.org/mozilla-central/source/browser/components/preferences/privacy.js#1469
Then irrespective of source, the rulesArray is parsed using the old string, which causes the miss for the Strict mode list:
case "cm":
document.querySelector(selector + " .cryptominers-option").hidden =
false;
break;
case "-cm":
document.querySelector(selector + " .cryptominers-option").hidden =
true;
break;
https://searchfox.org/mozilla-central/source/browser/components/preferences/privacy.js#1548
This discrepancy was identified as a source of alarm by a Redditor: https://old.reddit.com/r/firefox/comments/1ly588i/no_mention_of_cryptominers_in_strict_tracking/
Seems that privacy.js needs to be updated to use the new string.
|
||
Comment 1•7 months ago
|
||
Set release status flags based on info from the regressing bug 1956556
:wwen, since you are the author of the regressor, bug 1956556, could you take a look?
For more information, please visit BugBot documentation.
|
||
Updated•7 months ago
|
|
Assignee | |
Comment 2•6 months ago
|
||
|
||
Updated•6 months ago
|
|
||
Comment 3•6 months ago
|
||
Mark, could that be in our planned dot release? Thanks
|
|
Assignee | |
Updated•6 months ago
|
|
|
||
Comment 4•6 months ago
|
||
Set release status flags based on info from the regressing bug 1956556
|
|
||
Updated•6 months ago
|
|
||
Comment 6•6 months ago
|
||
| bugherder | ||
|
|
||
Comment 7•6 months ago
|
||
The patch landed in nightly and beta is affected.
:wwen, is this bug important enough to require an uplift?
- If yes, please nominate the patch for beta approval.
- See https://wiki.mozilla.org/Release_Management/Requesting_an_Uplift for documentation on how to request an uplift.
- If no, please set
status-firefox142towontfix.
For more information, please visit BugBot documentation.
|
||
Comment 8•6 months ago
|
||
Original Revision: https://phabricator.services.mozilla.com/D257271
|
|
||
Updated•6 months ago
|
|
|
||
Comment 9•6 months ago
|
||
firefox-beta Uplift Approval Request
- User impact if declined: The crytominer blocking won't be configured properly if users changes ETP settings
- Code covered by automated testing: yes
- Fix verified in Nightly: yes
- Needs manual QE test: no
- Steps to reproduce for manual QE testing: None
- Risk associated with taking this patch: Low
- Explanation of risk level: The change is small.
- String changes made/needed: None
- Is Android affected?: no
|
|
||
Updated•6 months ago
|
|
||
Updated•6 months ago
|
|
||
Comment 10•6 months ago
|
||
| uplift | ||
|
||
Updated•6 months ago
|
|
||
Comment 11•6 months ago
|
||
Please add Release and ESR140 requests also when you get a chance.
|
|
||
Comment 12•6 months ago
|
||
Original Revision: https://phabricator.services.mozilla.com/D257271
|
|
||
Updated•6 months ago
|
|
|
||
Comment 13•6 months ago
|
||
firefox-release Uplift Approval Request
- User impact if declined: The crytominer blocking won't be configured properly if users changes ETP settings
- Code covered by automated testing: yes
- Fix verified in Nightly: yes
- Needs manual QE test: no
- Steps to reproduce for manual QE testing: None
- Risk associated with taking this patch: low
- Explanation of risk level: The change is small.
- String changes made/needed: None
- Is Android affected?: no
|
|
||
Comment 14•6 months ago
|
||
Original Revision: https://phabricator.services.mozilla.com/D257271
|
|
||
Updated•6 months ago
|
|
|
||
Comment 15•6 months ago
|
||
firefox-esr140 Uplift Approval Request
- User impact if declined: The crytominer blocking won't be configured properly if users changes ETP settings
- Code covered by automated testing: yes
- Fix verified in Nightly: yes
- Needs manual QE test: no
- Steps to reproduce for manual QE testing: None
- Risk associated with taking this patch: Low
- Explanation of risk level: The change is small.
- String changes made/needed: None
- Is Android affected?: no
|
|
||
Updated•6 months ago
|
|
|
||
Updated•6 months ago
|
|
|
||
Updated•6 months ago
|
|
|
||
Comment 16•6 months ago
|
||
| uplift | ||
|
|
||
Updated•6 months ago
|
|
|
||
Updated•6 months ago
|
|
|
||
Comment 17•6 months ago
|
||
| uplift | ||
|
||
Updated•6 months ago
|
|
||
Comment 18•6 months ago
|
||
FYI this was fixed upstream on Puppeteer side via https://github.com/puppeteer/puppeteer/pull/14028.
|
||
Updated•6 months ago
|
|
|
||
Updated•6 months ago
|
|
||
Comment 19•6 months ago
|
||
I've reproduced this issue using an affected Nightly build (2025-07-12) on Win 11.
The issue is verified as fixed on the fixed builds: 143.0a1, 142.0, 141.0.3 and 140.2.0 Esr.
Description
•