navigator object does not fully reflect user agent settings

RESOLVED FIXED in mozilla1.9beta5

Status


defect
RESOLVED FIXED
11 years ago
2 months ago

People

(Reporter: mikeperry.unused, Assigned: gfleischer+bugzilla)

Tracking

({privacy, verified1.8.1.15})

Trunk
mozilla1.9beta5
Points:
---
Bug Flags:
blocking1.9 -
wanted1.8.0.x ?

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(2 attachments, 1 obsolete attachment)

Reporter

Description

11 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7

The navigator object does not reflect a spoofed user agent for the following properties:

navigator.oscpu
navigator.productSub

Despite providing spoofed information to the general.useragent.* settings, these properties reveal the original platform and build date.

Reproducible: Always

Steps to Reproduce:
1.
2.
3.
Actual Results:  
Ideally, these properties would obtain their values by parsing the general.useragent.override string, but for many useragents this is not possible. In those cases, either alternate general.useragent.* could be consulted, or these properties would just be undefined.

Comment 1

11 years ago
Why don't you upgrade to 2.0.0.12?
Reporter

Comment 2

11 years ago
Heh. Maybe because the useragent was spoofed? :)
Keywords: privacy
Assignee

Comment 3

11 years ago
In Firefox 2.0.0.12, the 'productSub' value could be set using the 'general.useragent.productSub' preference.  See http://lxr.mozilla.org/mozilla1.8/source/netwerk/protocol/http/src/nsHttpHandler.cpp#830

This functionality no longer exists in the latest trunk.
Reporter

Updated

11 years ago
Status: UNCONFIRMED → NEW
Ever confirmed: true
Assignee

Comment 4

11 years ago
Bug 350521 describes a similar problem with the 'navigator.buildID' value.

To reproduce the issue, either manually modify the useragent config pref ("general.useragent.override") or use an extension such as User Agent Switcher.  Visiting http://pseudo-flaw.net/s/show-oscpu-productsub-buildid.html will show that the 'oscpu', 'productSub' and 'buildID' are still the original values.
Assignee

Comment 5

11 years ago
Posted patch: Proposed patch for trunk (obsolete)
Adds new preferences to allow override of 'navigator.oscpu', 'navigator.productSub' and 'navigator.buildID':

 - "general.oscpu.override"
 - "general.productSub.override"
 - "general.buildID.override"

Additionally, for 'navigator.productSub' checks for the undocumented 1.8 branch pref "general.useragent.productSub".
Assignee

Updated

11 years ago
Attachment #307168 - Flags: superreview?(jst)
Attachment #307168 - Flags: review?(jst)
Assignee

Comment 6

11 years ago
The proposed patch also addresses bug 350521.
Comment on attachment 307168
Proposed patch for trunk

+    const nsAdoptingCString& override =
+      nsContentUtils::GetCharPref("general.productSub.override");
+
+    if (override) {
+      CopyUTF8toUTF16(override, aProductSub);
+      return NS_OK;
+    } else {
+      // 'general.useragent.productSub' backwards compatible with 1.8 branch.
+      const nsAdoptingCString& override =
+        nsContentUtils::GetCharPref("general.useragent.productSub");
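
Review bot: The 'else' after 'return NS_OK;' in the 'if (override)' branch is redundant, since that branch always returns; dropping it removes one nesting level from the 'general.useragent.productSub' fallback. Without the 'else', the second 'const nsAdoptingCString& override' would sit in the same scope as the first, so it needs a distinct name (for example 'legacyOverride', a suggested name) rather than reusing 'override'. A one-line comment stating that 'general.productSub.override' takes precedence over the 1.8-branch pref would also document the lookup order, which is currently only implied by the branch structure.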

Might want to rename this override variable to avoid compiler warnings about this one shadowing the above one.

r+sr=jst, thanks for the fix!
Attachment #307168 - Flags: superreview?(jst)
Attachment #307168 - Flags: superreview+
Attachment #307168 - Flags: review?(jst)
Attachment #307168 - Flags: review+
Assignee

Comment 8

11 years ago
Updated patch to remove compiler warnings.
Attachment #307168 - Attachment is obsolete: true
Assignee

Updated

11 years ago
Attachment #307368 - Flags: review+
Reporter

Updated

11 years ago
Keywords: checkin-needed
This isn't a blocker and doesn't have approval.
Component: General → DOM
Keywords: checkin-needed
OS: Windows XP → All
Product: Firefox → Core
QA Contact: general → general
Hardware: PC → All
Version: unspecified → Trunk
Assignee: nobody → gfleischer+bugzilla
Status: NEW → ASSIGNED
Flags: blocking1.9?
Attachment #307368 - Flags: approval1.9?
Comment on attachment 307368
Updated trunk patch removes compiler warning

a1.9=beltzner
Attachment #307368 - Flags: approval1.9? → approval1.9+
Not a blocker, but this has approval so feel free to land this.
Flags: blocking1.9? → blocking1.9-
Checking in dom/src/base/nsGlobalWindow.cpp;
/cvsroot/mozilla/dom/src/base/nsGlobalWindow.cpp,v  <--  nsGlobalWindow.cpp
new revision: 1.1001; previous revision: 1.1000
done
Status: ASSIGNED → RESOLVED
Last Resolved: 11 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9beta5

Updated

11 years ago
Duplicate of this bug: 350521
Reporter

Comment 14

11 years ago
Can we get this backported to 1.8?
Flags: wanted1.8.0.x?
Assignee

Comment 15

11 years ago
Patch for branch that adds new preferences to allow override of 'navigator.oscpu',
'navigator.productSub' and 'navigator.buildID':

 - "general.oscpu.override"
 - "general.productSub.override"
 - "general.buildID.override"
Attachment #322211 - Flags: superreview?
Attachment #322211 - Flags: review?
Attachment #322211 - Flags: approval1.8.1.15?
Assignee

Updated

11 years ago
Attachment #322211 - Flags: superreview?(jst)
Attachment #322211 - Flags: superreview?
Attachment #322211 - Flags: review?(jst)
Attachment #322211 - Flags: review?
Comment on attachment 322211
Patch for branch

can't approve until reviewed
Whiteboard: needs r/sr=jst
Attachment #322211 - Flags: superreview?(jst)
Attachment #322211 - Flags: superreview+
Attachment #322211 - Flags: review?(jst)
Attachment #322211 - Flags: review+
Whiteboard: needs r/sr=jst
Comment on attachment 322211
Patch for branch

Approved for 1.8.1.15, a=dveditz for release-drivers
Attachment #322211 - Flags: approval1.8.1.15? → approval1.8.1.15+
Fix landed on the 1.8 branch.
Keywords: fixed1.8.1.15
Verified on Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.15pre) Gecko/2008061004 BonEcho/2.0.0.15pre

I added the user preferences in about:config and when I loaded the site in comment #4 I got the values I had set the prefs to, for example:

User-Agent: Firefox/1.1.1.1
oscpu: Linux
productSub: 20010101
buildID: 2001010101

In Fx20014 the prefs had no effect and you were still getting the actual user agent values.
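
A self-audit in the spirit of the test page from comment 4, added here as an example and not part of the bug thread or the Mozilla patch: it checks whether 'oscpu', 'productSub' and 'buildID' contradict the user agent string, and reports "unverifiable" for user agents that cannot be parsed, the case raised in the description. The function names, the sample objects and the assumptions stated in the comments are constructed for illustration.

```javascript
// Added example. Sample navigator objects are constructed, not captured.
// Assumptions: oscpu appears verbatim as one ";"-separated platform field of a
// Gecko UA string, and buildID starts with the same date digits as productSub
// (as in the values shown in the verification comment above).

// Extract what a Gecko-style UA string claims about platform and build date.
function parseGeckoUA(ua) {
  const platform = /\(([^)]*)\)/.exec(ua);
  const gecko = /\bGecko\/(\d+)/.exec(ua);
  return {
    fields: platform ? platform[1].split(";").map((s) => s.trim()) : null,
    geckoDate: gecko ? gecko[1] : null,
  };
}

// claim === null means the UA string makes no claim to compare against.
function verdict(value, claim, matches) {
  if (value === undefined) return "absent";
  if (claim === null) return "unverifiable";
  return matches(String(value), claim) ? "consistent" : "mismatch";
}

// Works on window.navigator or on any object with the same property names.
function auditNavigator(nav) {
  const { fields, geckoDate } = parseGeckoUA(String(nav.userAgent || ""));
  return {
    oscpu: verdict(nav.oscpu, fields, (v, f) => f.includes(v)),
    productSub: verdict(nav.productSub, geckoDate, (v, d) => v === d),
    buildID: verdict(nav.buildID, geckoDate, (v, d) => v.startsWith(d)),
  };
}

const samples = {
  // Spoofed UA, but the three properties still show the real build (the bug).
  leaking: {
    userAgent: "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.7) Gecko/20070101 Firefox/2.0.0.1",
    oscpu: "Windows NT 5.1", productSub: "20070914", buildID: "2007091417",
  },
  // Overrides set so that every property agrees with the UA string.
  aligned: {
    userAgent: "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7",
    oscpu: "Windows NT 5.1", productSub: "20070914", buildID: "2007091417",
  },
  // UA with no platform or Gecko token: nothing to compare against.
  opaque: { userAgent: "Firefox/1.1.1.1", oscpu: "Linux", productSub: "20010101", buildID: "2001010101" },
};
for (const [name, nav] of Object.entries(samples)) console.log(name, auditNavigator(nav));
```

In a browser console, `auditNavigator(navigator)` runs the same check against the live object after the override prefs have been changed.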

Comment 20

10 years ago
JavaScript can use navigator.buildID to find the exact build time to the second. As far as I know it can send it to the webserver. 'general.buildID.override' does not seem to exist in about:config. So this is a unique or virtually unique identifier - a sort of cookie that is shared by all websites. This is a clear privacy issue. Things like that shouldn't be on by default, without anyone being warned. In this case, it can't even be turned off.
Component: DOM → DOM: Core & HTML
Product: Core → Core