Privacy leak in "remember for this site" permission of geolocation - persists outside of private browsing

VERIFIED FIXED in Firefox 3.6a1

Status

()

defect
VERIFIED FIXED
10 years ago
10 years ago

People

(Reporter: aaronmt, Assigned: Ehsan)

Tracking

({privacy, verified1.9.1})

Trunk
Firefox 3.6a1
Points:
---
Bug Flags:
in-testsuite +

Firefox Tracking Flags

(status1.9.1 .4-fixed)

Details

(Whiteboard: [3.5Beta99testday], )

Attachments

(1 attachment)

Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b99) Gecko/20090604 Firefox/3.5b99

Took notice today of a privacy leak in the preference asked in the geolocation notification bar, "remember for this site" - while accessed in private browsing mode.

When returning to the same site through regular browsing, there was no prompt of the geolocation bar. 

It would appear that the site is remembered in private browsing mode and that information persists when returning to a regular browsing state. 

Steps to Reproduce:

1. Made a new profile  
2. Enter PB mode    
3. http://people.mozilla.com/~dougt/geo.html    
4. "Remember for this site" checkmarked   
5. Share location        
6. Exit PB mode      
7. Return to http://people.mozilla.com/~dougt/geo.html

Expected results: geolocation notification bar
Actual results: No geolocation notification bar
Whiteboard: 3.5Beta99testday
See bug 491759 and bug 493122 where this was discovered and is actively being worked on.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 491759
Status: RESOLVED → VERIFIED
Component: Private Browsing → Geolocation
Product: Firefox → Core
QA Contact: private.browsing → geolocation
Version: 3.5 Branch → 1.9.1 Branch
Those bugs are about the token, this bug is about the "remember this choice" flag we set in the permission manager.

How do similar options (like image blocking) work in PB mode?
Status: VERIFIED → REOPENED
Resolution: DUPLICATE → ---
Summary: [3.5Beta99testday] Privacy leak in "remember for this site" pref of geolocation - persists outside of private browsing → Privacy leak in "remember for this site" pref of geolocation - persists outside of private browsing
Whiteboard: 3.5Beta99testday → [3.5Beta99testday]
(In reply to comment #3)
> How do similar options (like image blocking) work in PB mode?

They do *not* get cleared afaik, ehsan can confirm this. I had misread this bug thinking it had to do with the cookie as most other pb-geo bugs were about that. I don't see why pb mode should clear this, all other site settings are kept. Pb mode isn't a clear-history tool, it's a one-time private session. Even settings explicitly allowed *during* pb mode are persisted after pb mode has exited.
Seems like I didn't get some of the bugmail on this bug, weird.

What we do for other permissions in private browsing mode is that we hide the UI which sets them inside the private browsing mode, thus making it impossible for users to inadvertently save permissions which might give away their browsing history.

We need to do something similar here as well; taking.
Status: REOPENED → ASSIGNED
Component: Geolocation → Private Browsing
Keywords: privacy
Product: Core → Firefox
QA Contact: geolocation → private.browsing
Summary: Privacy leak in "remember for this site" pref of geolocation - persists outside of private browsing → Privacy leak in "remember for this site" permission of geolocation - persists outside of private browsing
Version: 1.9.1 Branch → Trunk
Assignee: nobody → ehsan.akhgari
Flags: wanted1.9.1.x?
Posted patch Patch (v1)Splinter Review
patch + unit tests
Attachment #381998 - Flags: review?(mconnor)
Is mconnor still the right reviewer here?
status1.9.1: --- → ?
Flags: wanted1.9.1.x?
Whiteboard: [3.5Beta99testday] → [3.5Beta99testday][needs r=mconnor]
(In reply to comment #7)
> Is mconnor still the right reviewer here?

Given the fact that he's the only peer for the privatebrowsing module, technically he's the only possible reviewer here.  :-)
Comment on attachment 381998 [details] [diff] [review]
Patch (v1)

Looks good.
Attachment #381998 - Flags: review?(mconnor) → review+
http://hg.mozilla.org/mozilla-central/rev/df80704db254
Status: ASSIGNED → RESOLVED
Closed: 10 years ago10 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Whiteboard: [3.5Beta99testday][needs r=mconnor] → [3.5Beta99testday]
Target Milestone: --- → Firefox 3.6a1
Attachment #381998 - Flags: approval1.9.1.3?
Verified FIXED on trunk

Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2a1pre) Gecko/20090802 Minefield/3.6a1pre
Status: RESOLVED → VERIFIED
Comment on attachment 381998 [details] [diff] [review]
Patch (v1)

Approved for 1.9.1.4, a=dveditz for release-drivers
Attachment #381998 - Flags: approval1.9.1.3? → approval1.9.1.4+
When I go to http://people.mozilla.com/~dougt/geo.html with my post-fix 1.9.1 build (Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.1.4pre) Gecko/20090917 Shiretoko/3.5.4pre) after turning on private browsing mode, I'm still getting the geolocation prompt as a bar at the top of the screen.

The fix is that I shouldn't get this prompt so this appears to be unfixed.
(In reply to comment #14)
> When I go to http://people.mozilla.com/~dougt/geo.html with my post-fix 1.9.1
> build (Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.1.4pre)
> Gecko/20090917 Shiretoko/3.5.4pre) after turning on private browsing mode, I'm
> still getting the geolocation prompt as a bar at the top of the screen.
> 
> The fix is that I shouldn't get this prompt so this appears to be unfixed.

No, the prompt continues to appear, but there should be no "remember" button on it.
Ah, then this is verified for 1.9.1.4 with Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.1.4pre) Gecko/20090921 Shiretoko/3.5.4pre. I see the difference.
Keywords: verified1.9.1
You need to log in before you can comment on or make changes to this bug.