Closed Bug 573150 Opened 14 years ago Closed 14 years ago

crash reporter inadvertently sends IE cookies to crash submission URL

Categories

(Toolkit :: Crash Reporting, defect)

x86
macOS
defect
Not set
normal

Tracking

RESOLVED FIXED
Tracking Status
blocking2.0 --- final+
status1.9.2 --- ?
status1.9.1 --- ?

People

(Reporter: sayrer, Assigned: ted)

Details

(Keywords: privacy)

Attachments

(1 file)

If a user has browsed to *.mozilla.com sites, the crash reporter sends those cookies to mozilla.com. We don't want this data.

Why does it matter?

(FWIW, we're just using WinHttp directly, so I guess you must have to opt-out of cookies.)

It sends tracking cookies that would allow us to correlate crashes with website users. We don't want that data.

This got r=nealsid and landed upstream:
http://code.google.com/p/google-breakpad/source/detail?r=661

However, I can't actually reproduce the problem as stated on my Windows 7 machine. I wrote a small CGI that sets a cookie and returns a fake CrashID:

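#!/usr/bin/env python3
# Minimal CGI: set a test cookie and return a fake crash ID.

import uuid

print("Content-Type: text/plain")
print("Set-Cookie: mycookie=awesome")
print()  # blank line ends the CGI headers
print("CrashID=bp-" + str(uuid.uuid4()))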

Loading this (twice) in IE8 and packet sniffing, I can see the cookie being set and sent back with the second request. If I set MOZ_CRASHREPORTER_URL to this same URL, and then crash my Firefox nightly build and submit a crash to this same URL, I do not see the cookie being sent in the POST request.

sayrer: can you give me more info on how you discovered this? (Maybe it's fixed in Windows 7?)

Attachment #467755 - Flags: review+

Pushed to m-c anyway (can't hurt):
http://hg.mozilla.org/mozilla-central/rev/844996318d23
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Keywords: privacy
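
The check described in the comments above, as an added example (not code from this bug or from Breakpad): a local stand-in collector that sets the same test cookie on GET and records any Cookie header that arrives with a POST. The port, the /submit path and the names CrashCollector, start_collector and submit are assumptions made for the example.

```python
import threading
import uuid
from http.client import HTTPConnection
from http.server import BaseHTTPRequestHandler, HTTPServer


class CrashCollector(BaseHTTPRequestHandler):
    """Stand-in collector: sets a cookie on GET, audits every POST."""
    leaks = []  # (path, Cookie header) for each POST that carried cookies

    def _reply(self, set_cookie):
        body = ("CrashID=bp-%s\n" % uuid.uuid4()).encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        if set_cookie:
            self.send_header("Set-Cookie", "mycookie=awesome")
        self.end_headers()
        self.wfile.write(body)

    def do_GET(self):  # load this in the browser first to plant the cookie
        self._reply(set_cookie=True)

    def do_POST(self):  # a crash submission should arrive with no Cookie header
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        cookie = self.headers.get("Cookie")
        if cookie is not None:
            self.leaks.append((self.path, cookie))
        self._reply(set_cookie=False)

    def log_message(self, *args):  # keep the console quiet
        pass

def start_collector(port=0):
    server = HTTPServer(("127.0.0.1", port), CrashCollector)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def submit(port, cookie=None):
    """Constructed client standing in for a crash submission POST."""
    conn = HTTPConnection("127.0.0.1", port, timeout=5)
    headers = {"Cookie": cookie} if cookie else {}
    conn.request("POST", "/submit", body=b"fake-minidump", headers=headers)
    reply = conn.getresponse().read().decode()
    conn.close()
    return reply

if __name__ == "__main__":
    start_collector(8000)  # port 8000 is an arbitrary choice
    input("Set MOZ_CRASHREPORTER_URL=http://127.0.0.1:8000/submit, submit a crash, press Enter\n")
    print(CrashCollector.leaks or "no cookies received with any POST")
```

An empty leaks list after a real submission means the HTTP client did not attach the browser's cookie jar to the upload.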