Tabbed browser should use favicon sevice in a privacy-aware way

RESOLVED FIXED in seamonkey2.20

Status

Product:
SeaMonkey
Component:
Tabbed Browser
RESOLVED FIXED
Reported:
4 years ago
Modified:
4 years ago

People

(Reporter: neil@parkwaycc.co.uk, Assigned: neil@parkwaycc.co.uk)

Tracking

(Blocks: 1 bug)

Version:
unspecified
Target:
seamonkey2.20

SeaMonkey Tracking Flags

(seamonkey2.18 fixed, seamonkey2.19 fixed)

Details

Attachments

(1 attachment)

Possible patch
3.31 KB, patch
Philip Chee
: review+
Ian Neal
: approval-comm-aurora+
Ian Neal
: approval-comm-beta+
Details | Diff | Splinter Review
(Assignee)

Description

4 years ago 
Not exactly sure what it achieves but it probably avoids storing cookies for instance.

Compare bug 856322.
(Assignee)

Comment 1

4 years ago 
Created attachment 731624 [details] [diff] [review]
Possible patch
Assignee: nobody → neil
Status: NEW → ASSIGNED
Attachment #731624 - Flags: review?(philip.chee)

Comment 2

4 years ago 
Comment on attachment 731624 [details] [diff] [review]
Possible patch

> -      <field name="mMissedIconCache">
> -        null
Good catch!

>       <field name="mFaviconService" readonly="true">
>         Components.classes["@mozilla.org/browser/favicon-service;1"]
>                   .getService(Components.interfaces.nsIFaviconService)
>                   .QueryInterface(Components.interfaces.mozIAsyncFavicons);
>       </field>

While you're at it, get rid of the QI and getService(mozIAsyncFavicons) directly. I think mozIAsyncFavicons/nsIFaviconService have ClassInfo because when I inspect mozIAsyncFavicons, I get:

> [xpconnect wrapped (nsISupports, nsIFaviconService, mozIAsyncFavicons, nsITimerCallback)]

r=me from code inspection.
Attachment #731624 - Flags: review?(philip.chee) → review+
(Assignee)

Comment 3

4 years ago 
Pushed comm-central changeset 04bd0d8809c9.
Status: ASSIGNED → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED
 (Assignee)

Updated

4 years ago
status-seamonkey2.18: --- → affected
status-seamonkey2.19: --- → affected
Target Milestone: --- → seamonkey2.20
 (Assignee)

Comment 4

4 years ago 
Comment on attachment 731624 [details] [diff] [review]
Possible patch

[Approval Request Comment]
Regression caused by (bug #): 
User impact if declined: Potential favicon information leak
Testing completed (on m-c, etc.): None
Risk to taking this patch (and alternatives if risky): 
String changes made by this patch: None
Attachment #731624 - Flags: approval-comm-beta?
Attachment #731624 - Flags: approval-comm-aurora?

Updated

4 years ago
Attachment #731624 - Flags: approval-comm-beta?
Attachment #731624 - Flags: approval-comm-beta+
Attachment #731624 - Flags: approval-comm-aurora?
Attachment #731624 - Flags: approval-comm-aurora+
 (Assignee)

Comment 5

4 years ago 
https://hg.mozilla.org/releases/comm-aurora/rev/75b4b6fe8b77
status-seamonkey2.19: affected → fixed
 (Assignee)

Comment 6

4 years ago 
(In reply to Philip Chee from comment #2)
> (From update of attachment 731624 [details] [diff] [review])
> >       <field name="mFaviconService" readonly="true">
> >         Components.classes["@mozilla.org/browser/favicon-service;1"]
> >                   .getService(Components.interfaces.nsIFaviconService)
> >                   .QueryInterface(Components.interfaces.mozIAsyncFavicons);
> >       </field>
> 
> While you're at it, get rid of the QI and getService(mozIAsyncFavicons)
> directly. I think mozIAsyncFavicons/nsIFaviconService have ClassInfo because
> when I inspect mozIAsyncFavicons, I get:
> 
> > [xpconnect wrapped (nsISupports, nsIFaviconService, mozIAsyncFavicons, nsITimerCallback)]
> 
> r=me from code inspection.

Sorry, I forgot about this. (But I should get the constants from Components.interfaces.nsIFaviconService at the same time.)
 (Assignee)

Comment 7

4 years ago 
http://hg.mozilla.org/releases/comm-beta/rev/73971e6fef8d
status-seamonkey2.18: affected → fixed
You need to log in before you can comment on or make changes to this bug.