Closed
Bug 851105
Opened 11 years ago
Closed 11 years ago
Data leak due to Yandex autocomplete
Categories
(Firefox :: Extension Compatibility, defect)
Firefox
Extension Compatibility
Tracking
()
RESOLVED
FIXED
People
(Reporter: sbadau, Unassigned)
References
Details
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:22.0) Gecko/20130313 Firefox/22.0 Build ID: 20130313031041 Steps to reproduce: 1. Launch Firefox and install Yandex Elements from: http://element.yandex.com/ 2. Open a New Private Window 3. Navigate to nytimes.com 4. Close the private window 5. In normal browsing go to "about:cache" and click on "list cached entries" under Disk Cache Device Expected results: Even if the auto-complete function is given by the Yandex add-on - none of the URL contains "nytimes". Actual results: http://api.browser.yandex.ru/suggest/get-elements?brandid=yandex&locale=en&part=nytimes.com is listed in about cache. Note: Reproducible also on: Firefox 19.0.2, Aurora 21 and Firefox 20 beta 5.
Reporter | ||
Comment 1•11 years ago
|
||
I could not reproduce this issue on Firefox 7.0.1. I'm still investigating this issue and I'll post the results as soon as possible.
Comment 2•11 years ago
|
||
This sounds like a change the authors need to make in the extension.
Blocks: pbnextensions
Component: Private Browsing → Extension Compatibility
Updated•11 years ago
|
tracking-firefox20:
--- → ?
Reporter | ||
Comment 3•11 years ago
|
||
I didn't get any data leak on Firefox 14.0.1 related with Yandex. So I tried to find a regression range between Nightly 14 and Nightly 15, but I get all sort of different data and URL's from Private Browsing (some related with Yandex), making the finding of a regression range very difficult and unreliable.
Comment 4•11 years ago
|
||
(In reply to Josh Matthews [:jdm] from comment #2) > This sounds like a change the authors need to make in the extension. Comment 3 points to this being a change we made (likely the backend changes in FF19?). Even if it's not a regression, we need to help identify what the likely cause is before reaching out about this issue.
Flags: needinfo?(josh)
Comment 5•11 years ago
|
||
Given that it's cache-related, this is almost certainly a result of the changes of bug 722845 in FF 18. They're probably creating a channel (or XMLHttpRequest) that's not associated with a given window, therefore it defaults to public.
Flags: needinfo?(josh)
Updated•11 years ago
|
tracking-firefox20:
? → ---
Comment 6•11 years ago
|
||
Fixed in YandexBar 7.5 (release in april).
Comment 7•11 years ago
|
||
(In reply to Josh Matthews [:jdm] from comment #5) > Given that it's cache-related, this is almost certainly a result of the > changes of bug 722845 in FF 18. They're probably creating a channel (or > XMLHttpRequest) that's not associated with a given window, therefore it > defaults to public. Thank you.
Updated•11 years ago
|
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•