Closed Bug 728888 Opened 8 years ago Closed 7 years ago

Don't expose the Fennec patch level (13.X.Y) in the UA string, only show the major version (13.X)

Categories

(Firefox for Android :: General, defect)

defect
Not set

Tracking

()

RESOLVED FIXED
Firefox 16
Tracking Status
blocking-fennec1.0 --- -

People

(Reporter: dao, Unassigned)

References

(Blocks 1 open bug, )

Details

(Keywords: privacy, Whiteboard: fixed by bug 728831)

+++ This bug was initially created as a clone of Bug #572659 +++

see also bug 728831

Steps to reproduce:
 1) Load http://www.delorie.com:81/some/url.txt

Actual results:
The User-Agent header exposes the security patch level as either a minor version number or as an alpha/beta/pre indicator. This data is exposed twice: in the Gecko version and in the application version.

While it is of value to expose this data to e.g. AMO, exposing it to all sites makes the browser more fingerprintable (see https://panopticlick.eff.org/ ) and doesn't serve a purpose more important than user privacy. Point releases don't change functionality beyond security and stability fixes, so sites shouldn't be sniffing the patch level anyway.

Making trunk, alpha and beta builds look like release builds for sniffing purposes reduces sniffing-related failures that waste time when treated as functionality-related regressions by mistake.

Expected results:
Expected the version numbers to show the major version of the most recent Firefox beta that Mozilla has shipped and not to show the security patch level or an alpha/beta/pre indicator.

Additional information:
Internet Explorer doesn't expose the security patch level in its UA string.
blocking-fennec1.0: --- → ?
Why should this be blocking?

The current patch in bug 728831 would fix this, by the way.
Depends on: 728831
blocking-fennec1.0: ? → +
(In reply to Dão Gottwald [:dao] from comment #1)
> Why should this be blocking?

Kevin?
I think that was a mis-flag.  In Triage we said this was blocking-.  (Kevin, correct me if I'm wrong.)
blocking-fennec1.0: + → ---
Dao, every valid bug was asked to be nomed. Matt was correct in that I miss clicked the + when I meant to select -.
blocking-fennec1.0: --- → -
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Whiteboard: fixed by bug 728831
Target Milestone: --- → Firefox 16
You need to log in before you can comment on or make changes to this bug.