Open
Bug 503221
Opened 16 years ago
Updated 2 years ago
Locale can be determined using jar: protocol to test resource:///chrome/ entries
Categories
(Core :: General, defect)
Tracking
()
NEW
People
(Reporter: gfleischer+bugzilla, Unassigned)
Details
(Whiteboard: [fingerprinting])
Attachments
(1 file)
|
1.88 KB,
text/html
|
Details |
User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9.0.11) Gecko/2009060214 Firefox/3.0.11
Build Identifier: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.1pre) Gecko/20090708 Shiretoko/3.5.1pre
The jar: protocol can be used to load resource:///chrome/ entries as script. By examining error responses to differentiate between load failure and parse errors, the locale of the browser can be determined.
For users that have modified their user-agent string to mask their actual
locale, this behavior may reduce their privacy.
Reproducible: Always
|
Reporter | |
Comment 1•16 years ago
|
||
demonstration of using jar: protocol to load resource:///chrome/ entries to determine locale.
|
||
Comment 2•16 years ago
|
||
This is similar to bug 292789, where you could detect the presence of various extensions by loading chrome: URIs from content. I don't think this is serious enough to keep private.
You can do the same thing with chrome://global/locale/ can't you?
Status: UNCONFIRMED → NEW
Ever confirmed: true
Product: Firefox → Core
QA Contact: general → general
|
|
||
Updated•16 years ago
|
Group: core-security
|
||
Comment 3•16 years ago
|
||
Why is jar: even relevant here? Just because those files are jars?
|
|
Reporter | |
Comment 4•16 years ago
|
||
(In reply to comment #2)
> This is similar to bug 292789, where you could detect the presence of various
> extensions by loading chrome: URIs from content. I don't think this is serious
> enough to keep private.
In Firefox 2, detailed script parse errors were generated. This allowed for partial content reading. Beginning with Firefox 3, this was no longer possible.
In general, there are three tests that could be applied using script to read resource and chrome files:
1) the file does not exist
2) file exists but can't be parsed as script
3) file exists and can be parsed as script
> You can do the same thing with chrome://global/locale/ can't you?
chrome://global/locale/ gets resolved to the appropriate locale. Because we can't access any content, we don't get any additional information about what locale it is.
|
|
Reporter | |
Comment 5•16 years ago
|
||
(In reply to comment #3)
> Why is jar: even relevant here? Just because those files are jars?
Using jar: provided the appropriate negative response to detect missing files.
It is quite possible that jar: wouldn't be required.
|
||
Comment 6•6 years ago
|
||
jar: is dead; but this technique may still be valid; will need to investigate...
Whiteboard: [fingerprinting]
|
||
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•