Don't expose the Fennec patch level (13.X.Y) in the UA string, only show the major version (13.X)

RESOLVED FIXED in Firefox 16

Status

Firefox for Android
General
RESOLVED FIXED
6 years ago
6 years ago

People

(Reporter: dao, Unassigned)

Tracking

(Blocks: 1 bug, {privacy})

Trunk
Firefox 16
privacy

Firefox Tracking Flags

(blocking-fennec1.0 -)

Details

(Whiteboard: fixed by bug 728831, URL)

(Reporter)

Description

6 years ago
+++ This bug was initially created as a clone of Bug #572659 +++

see also bug 728831

Steps to reproduce:
 1) Load http://www.delorie.com:81/some/url.txt

Actual results:
The User-Agent header exposes the security patch level as either a minor version number or as an alpha/beta/pre indicator. This data is exposed twice: in the Gecko version and in the application version.

While it is of value to expose this data to e.g. AMO, exposing it to all sites makes the browser more fingerprintable (see https://panopticlick.eff.org/ ) and doesn't serve a purpose more important than user privacy. Point releases don't change functionality beyond security and stability fixes, so sites shouldn't be sniffing the patch level anyway.

Making trunk, alpha and beta builds look like release builds for sniffing purposes reduces sniffing-related failures that waste time when treated as functionality-related regressions by mistake.

Expected results:
Expected the version numbers to show the major version of the most recent Firefox beta that Mozilla has shipped and not to show the security patch level or an alpha/beta/pre indicator.

Additional information:
Internet Explorer doesn't expose the security patch level in its UA string.
blocking-fennec1.0: --- → ?
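
The reduction requested in the description above, as an added example (not code from this bug, from the patch in bug 728831, or from Mozilla): an audit that flags version tokens revealing a patch level or an alpha/beta/pre indicator, and a rewrite that keeps only the major version. The function names, the list of tokens inspected and the sample UA strings are assumptions constructed for illustration.

```javascript
// Tokens that carry a Gecko or application version in a Firefox-family UA
// (assumed list: rv:, Gecko/, Firefox/, Fennec/).
const TOKEN = /(rv:|(?:Gecko|Firefox|Fennec)\/)([0-9][0-9A-Za-z.]*)/g;
// MAJOR.MINOR, then optional patch components, then optional a/b/pre suffix.
const VERSION = /^(\d+\.\d+)((?:\.\d+)*)((?:[ab]\d+)?(?:pre)?)$/;

// Return one finding per token that reveals more than MAJOR.MINOR.
function auditUserAgent(ua) {
  const findings = [];
  for (const [, prefix, version] of ua.matchAll(TOKEN)) {
    const m = VERSION.exec(version);
    if (!m) continue; // e.g. a Gecko/YYYYMMDD build date, not a dotted version
    const leaks = [];
    if (m[2]) leaks.push('patch level');
    if (m[3]) leaks.push('pre-release indicator');
    if (leaks.length) findings.push({ token: prefix + version, leaks });
  }
  return findings;
}

// Rewrite every matching token to MAJOR.MINOR only; leave other tokens alone.
function reduceUserAgent(ua) {
  return ua.replace(TOKEN, (whole, prefix, version) => {
    const m = VERSION.exec(version);
    return m ? prefix + m[1] : whole;
  });
}

// Constructed sample strings (not captured from real builds).
const SAMPLES = [
  'Mozilla/5.0 (Android; Linux armv7l; rv:13.0.1) Gecko/20120531 Firefox/13.0.1 Fennec/13.0.1',
  'Mozilla/5.0 (Android; Mobile; rv:16.0a1) Gecko/16.0a1 Firefox/16.0a1',
  'Mozilla/5.0 (Android; Mobile; rv:16.0) Gecko/16.0 Firefox/16.0',
];

for (const ua of SAMPLES) {
  console.log(auditUserAgent(ua), '->', reduceUserAgent(ua));
}
```

An empty audit result means the string exposes nothing beyond the major version in the tokens inspected.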
(Reporter)

Comment 1

6 years ago
Why should this be blocking?

The current patch in bug 728831 would fix this, by the way.
Depends on: 728831
blocking-fennec1.0: ? → +
(Reporter)

Comment 2

6 years ago
(In reply to Dão Gottwald [:dao] from comment #1)
> Why should this be blocking?

Kevin?
I think that was a mis-flag.  In Triage we said this was blocking-.  (Kevin, correct me if I'm wrong.)
blocking-fennec1.0: + → ---
Dao, every valid bug was asked to be nomed. Matt was correct in that I misclicked the + when I meant to select -.
blocking-fennec1.0: --- → -
(Reporter)

Updated

6 years ago
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
Whiteboard: fixed by bug 728831
Target Milestone: --- → Firefox 16