Last Comment Bug 417994 - navigator object does not fully reflect user agent settings
: navigator object does not fully reflect user agent settings
: privacy, verified1.8.1.15
Product: Core
Classification: Components
Component: DOM (show other bugs)
: Trunk
: All All
: -- normal with 1 vote (vote)
: mozilla1.9beta5
Assigned To: Gregory Fleischer
: Andrew Overholt [:overholt]
: 350521 (view as bug list)
Depends on:
  Show dependency treegraph
Reported: 2008-02-16 15:34 PST by Mike Perry
Modified: 2016-09-17 13:37 PDT (History)
8 users (show)
jst: blocking1.9-
mikeperry.unused: wanted1.8.0.x?
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---

Proposed patch for trunk (2.69 KB, patch)
2008-03-03 21:03 PST, Gregory Fleischer
jst: review+
jst: superreview+
Details | Diff | Splinter Review
Updated trunk patch removes compiler warning (2.69 KB, patch)
2008-03-04 17:39 PST, Gregory Fleischer
gfleischer+bugzilla: review+
mbeltzner: approval1.9+
Details | Diff | Splinter Review
Patch for branch (2.19 KB, patch)
2008-05-22 18:51 PDT, Gregory Fleischer
jst: review+
jst: superreview+
dveditz: approval1.8.1.15+
Details | Diff | Splinter Review

Description Mike Perry 2008-02-16 15:34:24 PST
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/20070914 Firefox/
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/20070914 Firefox/

The navigator object does not reflect a spoofed user agent for the following properties:


Despite providing a spoofed information to the general.useragent.* settings, these properties reveal the original platform and build date.

Reproducible: Always

Steps to Reproduce:
Actual Results:  
Ideally, these properties would obtain their values by parsing the general.useragent.override string, but for many useragents this is not possible. In those cases, either alternate general.useragent.* could be consulted, or these properties would just be undefined.
Comment 1 Aakash Patel 2008-02-17 14:14:12 PST
Why don't you upgrade to
Comment 2 Mike Perry 2008-02-22 00:47:00 PST
Heh. Maybe because the useragent was spoofed? :)
Comment 3 Gregory Fleischer 2008-02-28 13:51:49 PST
In Firefox, the 'productSub' value could be set using the 'general.useragent.productSub' preference.  See

This functionality no longer exists in the latest trunk.
Comment 4 Gregory Fleischer 2008-03-03 20:53:55 PST
Bug 350521 describes a similar problem with the 'navigator.buildID' value.

To reproduce issue, either manually modify useragent config pref ("general.useragent.override") or use extension such as User Agent Switcher.  Visiting will show that the 'oscpu', 'productSub' and 'buildID' are still the original values.
Comment 5 Gregory Fleischer 2008-03-03 21:03:09 PST
Created attachment 307168 [details] [diff] [review]
Proposed patch for trunk

Adds new preferences to allow override of 'navigator.oscpu', 'navigator.productSub' and 'navigator.buildID':

 - "general.oscpu.override"
 - "general.productSub.override"
 - "general.buildID.override"

Additionally, for 'navigator.productSub' checks for the undocumented 1.8 branch pref "general.useragent.productSub".
Comment 6 Gregory Fleischer 2008-03-04 09:34:42 PST
The proposed patch also addresses bug 350521.
Comment 7 Johnny Stenback (:jst, 2008-03-04 12:58:22 PST
Comment on attachment 307168 [details] [diff] [review]
Proposed patch for trunk

+    const nsAdoptingCString& override =
+      nsContentUtils::GetCharPref("general.productSub.override");
+    if (override) {
+      CopyUTF8toUTF16(override, aProductSub);
+      return NS_OK;
+    } else {
+      // 'general.useragent.productSub' backwards compatible with 1.8 branch.
+      const nsAdoptingCString& override =
+        nsContentUtils::GetCharPref("general.useragent.productSub");

Might want to rename this override variable to avoid compiler warnings about this one shadowing the above one.

r+sr=jst, thanks for the fix!
Comment 8 Gregory Fleischer 2008-03-04 17:39:07 PST
Created attachment 307368 [details] [diff] [review]
Updated trunk patch removes compiler warning

Updated patch to remove compiler warnings.
Comment 9 Reed Loden [:reed] (use needinfo?) 2008-03-04 23:11:23 PST
This isn't a blocker and doesn't have approval.
Comment 10 Mike Beltzner [:beltzner, not reading bugmail] 2008-03-05 08:41:33 PST
Comment on attachment 307368 [details] [diff] [review]
Updated trunk patch removes compiler warning

Comment 11 Johnny Stenback (:jst, 2008-03-07 13:53:28 PST
Not a blocker, but this has approval so feel free to land this.
Comment 12 Reed Loden [:reed] (use needinfo?) 2008-03-08 03:19:48 PST
Checking in dom/src/base/nsGlobalWindow.cpp;
/cvsroot/mozilla/dom/src/base/nsGlobalWindow.cpp,v  <--  nsGlobalWindow.cpp
new revision: 1.1001; previous revision: 1.1000
Comment 13 Zach Lipton [:zach] 2008-05-15 11:35:16 PDT
*** Bug 350521 has been marked as a duplicate of this bug. ***
Comment 14 Mike Perry 2008-05-22 00:07:51 PDT
Can we get this backported to 1.8?
Comment 15 Gregory Fleischer 2008-05-22 18:51:24 PDT
Created attachment 322211 [details] [diff] [review]
Patch for branch

Patch for branch that adds new preferences to allow override of 'navigator.oscpu',
'navigator.productSub' and 'navigator.buildID':

 - "general.oscpu.override"
 - "general.productSub.override"
 - "general.buildID.override"
Comment 16 Daniel Veditz [:dveditz] 2008-05-23 11:07:36 PDT
Comment on attachment 322211 [details] [diff] [review]
Patch for branch

can't approve until reviewed
Comment 17 Daniel Veditz [:dveditz] 2008-06-04 11:35:38 PDT
Comment on attachment 322211 [details] [diff] [review]
Patch for branch

Approved for, a=dveditz for release-drivers
Comment 18 Johnny Stenback (:jst, 2008-06-04 12:42:40 PDT
Fix landed on the 1.8 branch.
Comment 19 juan becerra [:juanb] 2008-06-10 16:36:53 PDT
Verified on Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv: Gecko/2008061004 BonEcho/

I added the user preferences in about:config and when I loaded the site in comment #4 I got the values I had set the prefs to, for example:

User-Agent: Firefox/
oscpu: Linux
productSub: 20010101
buildID: 2001010101

In Fx20014 the prefs had no effect and you were still getting the actual user agent values.
Comment 20 peter_jonson 2009-10-29 04:52:50 PDT
javascript can use navigator.buildID to find the exact build time to the second. As far as I know it can send it to the webserver. 'general.buildID.override' does not seem to exist in about:config. So this is a unique or virtually unique identifier - a sort of cookie that is shared by all websites. This is a clear privacy issue. Things like that shouldn't be on by default, without anyone being warned. In this case, it can't even be turned off.

Note You need to log in before you can comment on or make changes to this bug.