Open Bug 553406 Opened 14 years ago Updated 2 years ago

Crash reporter can leak info from Private Browsing mode

Categories

(Toolkit :: Crash Reporting, defect)

Product:
Toolkit
Component:
Crash Reporting
Type:
defect

Tracking

()

Tracking Flags:
Tracking Status
blocking2.0 --- -
blocking1.9.2 --- -

People

(Reporter: Dolske, Unassigned)

Details

(Keywords: privacy) 

When a crash occurs in private browsing mode, we write out a binary minidump (with stack info) and .extras file with text annotations. The minidump can contain all kinds of potentially sensitive things, and the .extras file will usually contain the last URL visited.

If the report is successfully submitted, the local files are deleted and everything is OK. But if submission fails, the minidump and .extras files are saved in the $appdir/Crash Reports/pending, and may stay there for quite a long time.

We should do something so that if a crash report is generated while in PB mode, this data should be purged as soon as possible, even if submission fails.

[I don't believe we should disabled crash reporter wholesale in PB mode... Submitted crash reports are unlikely to reveal any sensitive data, unless the user wrote something revealing in the comments field.]
This won't block the branches, but if we get a tested and baked patch it's a good candidate for back porting!
blocking1.9.2: ? → -
Keywords: privacy
IMHO, the user should have the option to disable writing the minidump and .extras file. After all, one goal of private browsing mode is to protect against local privacy leaks.
It would be simple enough to make private browsing mode save state somewhere that gets passed to the crash reporter (via environment variable or otherwise), and have the crash reporter remove the crash report even if it fails to submit in that case. (Normally we remove the crash report if it submits, but leave it in "pending" if it fails so the user can resubmit it.)
blocking2.0: ? → final+
I think this has fallen out of scope for Firefox 4 at this point. This requires a crash in PB mode AND a failed submission; pretty edge. We should fix it, but not block on fixing it.
blocking2.0: final+ → -
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.