navigator object does not fully reflect user agent settings

RESOLVED FIXED in mozilla1.9beta5

Status: RESOLVED FIXED (opened 11 years ago, last updated 9 days ago)

People

(Reporter: mikeperry.unused, Assigned: gfleischer+bugzilla)

Tracking

Version: Trunk
Target Milestone: mozilla1.9beta5
Keywords: privacy, verified1.8.1.15
Points:
---
Bug Flags:
blocking1.9 -
wanted1.8.0.x ?

Firefox Tracking Flags

(Not tracked)

Attachments

(2 attachments, 1 obsolete attachment)

(Reporter)

Description

11 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7

The navigator object does not reflect a spoofed user agent for the following properties:

navigator.oscpu
navigator.productSub

Despite providing spoofed information to the general.useragent.* settings, these properties reveal the original platform and build date.

Reproducible: Always

Steps to Reproduce:
1.
2.
3.
Actual Results:  
Ideally, these properties would obtain their values by parsing the general.useragent.override string, but for many useragents this is not possible. In those cases, either alternate general.useragent.* could be consulted, or these properties would just be undefined.
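
The consistency check implied by this report, as an added example (not code from this bug or from the Mozilla tree): it derives what `oscpu` and `productSub` would have to be from a Gecko 1.8-style User-Agent string, yields `undefined` where the string does not carry them, and lists every navigator property that contradicts the override. The function names, the assumed field layout, the buildID prefix rule and the sample objects are constructed for illustration.

```javascript
// Added example, not from the bug or the Mozilla tree. Assumes the Gecko 1.8-era
// layout "(platform; security; oscpu; locale; rv:x) Gecko/<date>" seen on this page.
function deriveFromUserAgent(ua) {
  const paren = /\(([^)]*)\)/.exec(ua);
  const fields = paren ? paren[1].split(';').map((s) => s.trim()) : [];
  const gecko = /\bGecko\/(\d{8,10})\b/.exec(ua);
  return {
    // Third field is the OS/CPU string; undefined when the UA lacks this layout.
    oscpu: fields.length === 5 && /^rv:/.test(fields[4]) ? fields[2] : undefined,
    productSub: gecko ? gecko[1] : undefined,
  };
}

// Compare what a page can read from `nav` with what its User-Agent claims.
// Returns one finding per property that contradicts or outlives the spoof.
function auditNavigator(nav) {
  const expected = deriveFromUserAgent(nav.userAgent);
  const findings = [];
  const report = (prop, reason) => findings.push({ prop, actual: nav[prop], reason });
  for (const prop of ['oscpu', 'productSub']) {
    if (nav[prop] === undefined) continue; // nothing exposed
    if (expected[prop] === undefined) report(prop, 'not derivable from User-Agent');
    else if (nav[prop] !== expected[prop]) report(prop, `User-Agent implies ${expected[prop]}`);
  }
  // Assumption: buildID (YYYYMMDDHH) starts with the date in the Gecko token.
  if (nav.buildID !== undefined) {
    const date = expected.productSub ? expected.productSub.slice(0, 8) : undefined;
    if (date === undefined) report('buildID', 'not derivable from User-Agent');
    else if (!nav.buildID.startsWith(date)) report('buildID', `User-Agent implies ${date}..`);
  }
  return findings;
}

// Constructed sample: the UA is overridden, the other properties still show the real build.
const leakyProfile = {
  userAgent: 'Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.15pre) ' +
    'Gecko/2008061004 BonEcho/2.0.0.15pre',
  oscpu: 'Windows NT 5.1',
  productSub: '20070914',
  buildID: '2007091417', // constructed value
};
console.log(auditNavigator(leakyProfile));
```

An empty result means the overridden profile is self-consistent; a "not derivable" finding corresponds to the case where the description suggests the property should be undefined.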

Comment 1

11 years ago
Why don't you upgrade to 2.0.0.12?
(Reporter)

Comment 2

11 years ago
Heh. Maybe because the useragent was spoofed? :)
Keywords: privacy
(Assignee)

Comment 3

11 years ago
In Firefox 2.0.0.12, the 'productSub' value could be set using the 'general.useragent.productSub' preference.  See http://lxr.mozilla.org/mozilla1.8/source/netwerk/protocol/http/src/nsHttpHandler.cpp#830

This functionality no longer exists in the latest trunk.
(Reporter)

Updated

11 years ago
Status: UNCONFIRMED → NEW
Ever confirmed: true
(Assignee)

Comment 4

11 years ago
Bug 350521 describes a similar problem with the 'navigator.buildID' value.

To reproduce the issue, either manually modify the useragent config pref ("general.useragent.override") or use an extension such as User Agent Switcher.  Visiting http://pseudo-flaw.net/s/show-oscpu-productsub-buildid.html will show that the 'oscpu', 'productSub' and 'buildID' are still the original values.
(Assignee)

Comment 5

11 years ago
Posted patch: Proposed patch for trunk (obsolete)
Adds new preferences to allow override of 'navigator.oscpu', 'navigator.productSub' and 'navigator.buildID':

 - "general.oscpu.override"
 - "general.productSub.override"
 - "general.buildID.override"

Additionally, for 'navigator.productSub' checks for the undocumented 1.8 branch pref "general.useragent.productSub".
(Assignee)

Updated

11 years ago
Attachment #307168 - Flags: superreview?(jst)
Attachment #307168 - Flags: review?(jst)
(Assignee)

Comment 6

11 years ago
The proposed patch also addresses bug 350521.
Comment on attachment 307168
Proposed patch for trunk

+    const nsAdoptingCString& override =
+      nsContentUtils::GetCharPref("general.productSub.override");
+
+    if (override) {
+      CopyUTF8toUTF16(override, aProductSub);
+      return NS_OK;
+    } else {
+      // 'general.useragent.productSub' backwards compatible with 1.8 branch.
+      const nsAdoptingCString& override =
+        nsContentUtils::GetCharPref("general.useragent.productSub");
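
Review bot: The precedence between the two prefs read here is carried only by the if/else ordering: "general.productSub.override" wins and "general.useragent.productSub" is consulted only in the else branch, yet only the fallback has a comment. A comment above the first GetCharPref call stating that the new pref takes priority when both are set would make that explicit. It is also worth saying what `if (override)` does for a pref that is set to an empty string, so it is clear whether an empty override is returned as the productSub value or treated as unset.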

Might want to rename this override variable to avoid compiler warnings about this one shadowing the above one.

r+sr=jst, thanks for the fix!
Attachment #307168 - Flags: superreview?(jst)
Attachment #307168 - Flags: superreview+
Attachment #307168 - Flags: review?(jst)
Attachment #307168 - Flags: review+
(Assignee)

Comment 8

11 years ago
Updated patch to remove compiler warnings.
Attachment #307168 - Attachment is obsolete: true
(Assignee)

Updated

11 years ago
Attachment #307368 - Flags: review+
(Reporter)

Updated

11 years ago
Keywords: checkin-needed
This isn't a blocker and doesn't have approval.
Component: General → DOM
Keywords: checkin-needed
OS: Windows XP → All
Product: Firefox → Core
QA Contact: general → general
Hardware: PC → All
Version: unspecified → Trunk
Assignee: nobody → gfleischer+bugzilla
Status: NEW → ASSIGNED
Flags: blocking1.9?
Attachment #307368 - Flags: approval1.9?
Comment on attachment 307368
Updated trunk patch removes compiler warning

a1.9=beltzner
Attachment #307368 - Flags: approval1.9? → approval1.9+
Keywords: checkin-needed
Not a blocker, but this has approval so feel free to land this.
Flags: blocking1.9? → blocking1.9-
Checking in dom/src/base/nsGlobalWindow.cpp;
/cvsroot/mozilla/dom/src/base/nsGlobalWindow.cpp,v  <--  nsGlobalWindow.cpp
new revision: 1.1001; previous revision: 1.1000
done
Status: ASSIGNED → RESOLVED
Last Resolved: 11 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9beta5

Updated

11 years ago
Duplicate of this bug: 350521
(Reporter)

Comment 14

11 years ago
Can we get this backported to 1.8?
Flags: wanted1.8.0.x?
(Assignee)

Comment 15

11 years ago
Patch for branch that adds new preferences to allow override of 'navigator.oscpu',
'navigator.productSub' and 'navigator.buildID':

 - "general.oscpu.override"
 - "general.productSub.override"
 - "general.buildID.override"
Attachment #322211 - Flags: superreview?
Attachment #322211 - Flags: review?
Attachment #322211 - Flags: approval1.8.1.15?
(Assignee)

Updated

11 years ago
Attachment #322211 - Flags: superreview?(jst)
Attachment #322211 - Flags: superreview?
Attachment #322211 - Flags: review?(jst)
Attachment #322211 - Flags: review?
Comment on attachment 322211
Patch for branch

can't approve until reviewed
Whiteboard: needs r/sr=jst
Attachment #322211 - Flags: superreview?(jst)
Attachment #322211 - Flags: superreview+
Attachment #322211 - Flags: review?(jst)
Attachment #322211 - Flags: review+
Whiteboard: needs r/sr=jst
Comment on attachment 322211
Patch for branch

Approved for 1.8.1.15, a=dveditz for release-drivers
Attachment #322211 - Flags: approval1.8.1.15? → approval1.8.1.15+
Fix landed on the 1.8 branch.
Keywords: fixed1.8.1.15
Verified on Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.15pre) Gecko/2008061004 BonEcho/2.0.0.15pre

I added the user preferences in about:config and when I loaded the site in comment #4 I got the values I had set the prefs to, for example:

User-Agent: Firefox/1.1.1.1
oscpu: Linux
productSub: 20010101
buildID: 2001010101

In Fx20014 the prefs had no effect and you were still getting the actual user agent values.
Keywords: fixed1.8.1.15 → verified1.8.1.15

Comment 20

10 years ago
JavaScript can use navigator.buildID to find the exact build time to the second. As far as I know it can send it to the webserver. 'general.buildID.override' does not seem to exist in about:config. So this is a unique or virtually unique identifier - a sort of cookie that is shared by all websites. This is a clear privacy issue. Things like that shouldn't be on by default, without anyone being warned. In this case, it can't even be turned off.
Component: DOM → DOM: Core & HTML
Product: Core → Core