Randomize the placement of the cookie header like opera does

RESOLVED WONTFIX

Status

()

Core
Networking: HTTP
--
enhancement
RESOLVED WONTFIX
5 years ago
4 years ago

People

(Reporter: 133794m3r, Unassigned)

Tracking

({sec-want})

20 Branch
x86_64
Linux
sec-want
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [spdy])

(Reporter)

Description

5 years ago
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0
Build ID: 20130326150557

Steps to reproduce:

This is an enhacment, so I didn't do anything.


Actual results:

Same thing(I guess).


Expected results:

Opera apparently randomizes where it stores the Cookie:, header so it wasn't vunerable to the CRIME attack. Even though header compression isn't that useful for most people it'd still be something that would help(I believe).

Updated

5 years ago
Severity: normal → enhancement

Updated

5 years ago
Blocks: 785279
Component: Untriaged → Networking: HTTP
Keywords: sec-want
Product: Firefox → Core
Whiteboard: [spdy]
we don't do upstream header compression in spdy (it is technically gzip formatted, but no compression is applied) and hpack in http/2 is not vulnerable to this
Status: UNCONFIRMED → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.