Closed
Bug 503228
Opened 16 years ago
Closed 6 years ago
Unhandled error from BrowserFeedWriter close() method reveals installation path
Categories
(Firefox :: General, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: gfleischer+bugzilla, Unassigned)
References
Details
(Keywords: privacy, sec-low, Whiteboard: [stepping stone])
Attachments
(1 file)
|
872 bytes,
text/html
|
Details |
User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9.0.11) Gecko/2009060214 Firefox/3.0.11
Build Identifier: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.1pre) Gecko/20090708 Shiretoko/3.5.1pre
Calling the close() method on a newly created BrowserFeedWriter instance generates a detailed error message that includes the file location of FeedWriter.js.
For users that install Firefox on their desktop or other non-standard location, this behavior may reduce their privacy.
Reproducible: Always
|
Reporter | |
Comment 1•16 years ago
|
||
Example of how exception from BrowserFeedWriter close() method can be used to determine installation path.
|
||
Comment 2•16 years ago
|
||
cc'ng Mano for evaluation. Gregory - these bugs with detailed test cases are really helpful, thank you.
Status: UNCONFIRMED → NEW
Ever confirmed: true
|
||
Comment 3•16 years ago
|
||
This is a specific case of bug 267645; there are potentially many of these. See also bug 268370.
|
||
Comment 4•16 years ago
|
||
Gregory disclosed this bug today during his DEFCON presentation, "Attacking Tor at the Application Layer".
|
||
Comment 5•13 years ago
|
||
I think this bug is solved, because the Gregory's test output is:
'found location: "resource:///components/FeedWriter.js"'
|
|
||
Updated•12 years ago
|
|
||
Comment 6•6 years ago
|
||
We removed the particular API in question.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•