496595 - Privacy leak in "remember for this site" permission of geolocation - persists outside of private browsing

Status: VERIFIED FIXED

(Firefox :: Private Browsing, defect)

Description

[Aaron Train [:aaronmt]]

Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b99) Gecko/20090604 Firefox/3.5b99

Took notice today of a privacy leak in the preference asked in the geolocation notification bar, "remember for this site" - while accessed in private browsing mode.

When returning to the same site through regular browsing, there was no prompt of the geolocation bar. 

It would appear that the site is remembered in private browsing mode and that information persists when returning to a regular browsing state. 

Steps to Reproduce:

1. Made a new profile  
2. Enter PB mode    
3. http://people.mozilla.com/~dougt/geo.html    
4. "Remember for this site" checkmarked   
5. Share location        
6. Exit PB mode      
7. Return to http://people.mozilla.com/~dougt/geo.html

Expected results: geolocation notification bar
Actual results: No geolocation notification bar

Comment 1

[Nochum Sossonko [:Natch]]

See bug 491759 and bug 493122 where this was discovered and is actively being worked on.

Comment 3

[:Gavin Sharp [email: gavin@gavinsharp.com]]

Those bugs are about the token, this bug is about the "remember this choice" flag we set in the permission manager.

How do similar options (like image blocking) work in PB mode?

Comment 4

[Nochum Sossonko [:Natch]]

(In reply to comment #3)
> How do similar options (like image blocking) work in PB mode?

They do *not* get cleared afaik, ehsan can confirm this. I had misread this bug thinking it had to do with the cookie as most other pb-geo bugs were about that. I don't see why pb mode should clear this, all other site settings are kept. Pb mode isn't a clear-history tool, it's a one-time private session. Even settings explicitly allowed *during* pb mode are persisted after pb mode has exited.

Comment 5

[(no longer active)]

Seems like I didn't get some of the bugmail on this bug, weird.

What we do for other permissions in private browsing mode is that we hide the UI which sets them inside the private browsing mode, thus making it impossible for users to inadvertently save permissions which might give away their browsing history.

We need to do something similar here as well; taking.

Comment 6

[(no longer active)]

Attachment: Patch (v1)

patch + unit tests

Comment 7

[Samuel Sidler (old account; do not CC)]

Is mconnor still the right reviewer here?

Comment 8

[(no longer active)]

(In reply to comment #7)
> Is mconnor still the right reviewer here?

Given the fact that he's the only peer for the privatebrowsing module, technically he's the only possible reviewer here.  :-)

Comment 9

[Mike Connor [:mconnor]]

Comment on attachment 381998 [details] [diff] [review]
Patch (v1)

Looks good.

Comment 10

[(no longer active)]

http://hg.mozilla.org/mozilla-central/rev/df80704db254

Comment 11

[Aaron Train [:aaronmt]]

Verified FIXED on trunk

Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2a1pre) Gecko/20090802 Minefield/3.6a1pre

Comment 12

[Daniel Veditz [:dveditz]]

Comment on attachment 381998 [details] [diff] [review]
Patch (v1)

Approved for 1.9.1.4, a=dveditz for release-drivers

Comment 13

[(no longer active)]

http://hg.mozilla.org/releases/mozilla-1.9.1/rev/cd009e91b50f

Comment 14

[Al Billings [:abillings - ex-MoCo]]

When I go to http://people.mozilla.com/~dougt/geo.html with my post-fix 1.9.1 build (Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.1.4pre) Gecko/20090917 Shiretoko/3.5.4pre) after turning on private browsing mode, I'm still getting the geolocation prompt as a bar at the top of the screen.

The fix is that I shouldn't get this prompt so this appears to be unfixed.

Comment 15

[(no longer active)]

(In reply to comment #14)
> When I go to http://people.mozilla.com/~dougt/geo.html with my post-fix 1.9.1
> build (Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.1.4pre)
> Gecko/20090917 Shiretoko/3.5.4pre) after turning on private browsing mode, I'm
> still getting the geolocation prompt as a bar at the top of the screen.
> 
> The fix is that I shouldn't get this prompt so this appears to be unfixed.

No, the prompt continues to appear, but there should be no "remember" button on it.

Comment 16

[Al Billings [:abillings - ex-MoCo]]

Ah, then this is verified for 1.9.1.4 with Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.1.4pre) Gecko/20090921 Shiretoko/3.5.4pre. I see the difference.