Closed
Bug 666663
Opened 13 years ago
Closed 13 years ago
about:crashes page uploads users private data without any prompt or warning
Categories
(Toolkit :: Crash Reporting, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: andrew, Unassigned)
References
()
Details
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0) Gecko/20100101 Firefox/5.0 Build Identifier: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0) Gecko/20100101 Firefox/5.0 Visiting about:crashes and clicking a link will upload the crash data to the public internet without any warning or prompt, even if the user had previously indicated to the crash reporter that they didn't want to share their private data Reproducible: Always Steps to Reproduce: 1.Visit about:crashes 2.Click a link for a crash report for which uploading was declined. Actual Results: The user's private crash data is uploaded without warning or prompt. Expected Results: The user should be prompted any time their private data is uploaded to outside servers.
Updated•13 years ago
|
Version: unspecified → 5 Branch
Comment 1•13 years ago
|
||
Umm, isn't the Condition of a (unsent) Crash ID to be listed there at all, that it has been opted in in the Crash Reporter beforehand, and just hasn't been sent by Reason X?
Component: Security → Breakpad Integration
Product: Firefox → Toolkit
QA Contact: firefox → breakpad.integration
Comment 2•13 years ago
|
||
(In reply to comment #0) > Visiting about:crashes and clicking a link will upload the crash data to the > public internet without any warning or prompt, even if the user had > previously indicated to the crash reporter that they didn't want to share > their private data This is not true, as I explained in the other bug. If the user unchecks the "Tell Mozilla" checkbox, the crash reporter client will remove the dump file from the disk, and it will not be present in the list in about:crashes. The only crashes that we will automatically submit are crashes that the user attempted to send but failed for some reason (such as network interruption). In this case the user has already decided to send the report, so when they click on the report in about:crashes (which is also an intentional action), resubmitting it feels like the right thing to do. The root cause of the other bug is unknown, which is why I asked for more information there. It's possible we have a bug that caused things to work improperly, but as designed I believe the feature is correct.
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → INVALID
Comment 3•13 years ago
|
||
bug 512479 covers the styling of about:crashes.
You need to log in
before you can comment on or make changes to this bug.
Description
•