Closed
Bug 729707
Opened 13 years ago
Closed 13 years ago
Spawn a separate instance of plugins for private windows
Categories
(Core Graveyard :: Plug-ins, defect)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: jdm, Unassigned)
References
Details
This was suggested in the security review.
|
||
Comment 1•13 years ago
|
||
What would this provide? To the extent that plugins participate in private browsing, it is already a per-instance flag. We obviously can't do this for in-process plugins. So I'm going to WONTFIX this unless somebody comes up with a compelling reason to spend a bunch of engineering and QA work on it.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → WONTFIX
Well... There is flash cookies, I don't know if there is a way to prevent them from being saved to disk or to prevent them from going system wide. But that's one of the weak points in private browsing. The best way to test to see if Private Browsing is private is to use a site such as http://samy.pl/evercookie/ which sets a random number in all the different possible ways to store information and tries to bring back that number which was generated whenever you revisit it. I tested with firefox/safari and the number was carried over from firefox to safari due to the lso (flash) cookies. If there is an API in the flash plugin to say this is a private session, than we may not need a separate process for it.
When you say Private Browsing, I think no leaks into any other sessions or browsers.
|
|
||
Comment 3•13 years ago
|
||
What has that got to do with this bug? If a plugin doesn't understand the NPAPI annotation for private browsing, then it won't participate. Flash *does* understand that annotation. In either case, using a separate instance doesn't solve any problems.
So your saying we can, without a separate instance of flash, say to keep flash cookies private?
|
||
Updated•3 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•