Closed
Bug 1476324
Opened 6 years ago
Closed 6 years ago
Storage activation via window.open(URL) applies across top-level domains
Categories
(Firefox :: Security, enhancement)
RESOLVED
FIXED
Firefox 63
 | Tracking | Status |
---|---|---|
firefox63 | --- | fixed |
People
(Reporter: englehardt, Assigned: baku)
References
(Blocks 1 open bug)
Attachments
(3 files)
(deleted), patch | ehsan.akhgari: review+
(deleted), patch | ehsan.akhgari: review+
(deleted), patch | ehsan.akhgari: review+
As part of the new cookie restrictions (Bug 1473978) we implemented a storage activation heuristic based on the use of window.open by the opening document (Bug 1474651). This heuristic is intended to allow storage access for the target of the window.open call only on the opening document's site. Instead, it appears to enable storage access for that third party on all first parties.
Steps to reproduce:
With a fresh profile, visit:
https://senglehardt.com/test/identity_providers/facebook.html
and
https://www.cs.princeton.edu/~ste/test/identity_providers/facebook.html
In both cases no cookies should be sent in requests to Facebook.
Click "Login In" on senglehardt.com.
Refresh the princeton.edu tab.
You should now see cookies sent to Facebook on the princeton.edu page.
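The scoping error described in the report above, as an added example that is not part of the bug report and is not Firefox code: a simplified model of a grant store in which the grant key either ignores the opener (the reported behaviour) or includes it (the intended behaviour). All names, the `.example` URLs, and the use of the hostname as a stand-in for the site are assumptions of this sketch.

```javascript
// Simplified model of a storage-activation grant store (hypothetical names).
// A grant is recorded when a top-level page opens a third party with
// window.open() and the user interacts with that popup.
const siteOf = (url) => new URL(url).hostname; // assumption: hostname stands in for the site

class GrantStore {
  constructor(scopedToOpener) {
    this.scopedToOpener = scopedToOpener;
    this.grants = new Set();
  }
  key(topLevelUrl, thirdPartyUrl) {
    const thirdParty = siteOf(thirdPartyUrl);
    // Unscoped key: the grant is stored per third party only, so it
    // matches under every first party (the behaviour reported here).
    // Scoped key: the grant is bound to the opener's site as well.
    return this.scopedToOpener
      ? `${siteOf(topLevelUrl)}^${thirdParty}`
      : thirdParty;
  }
  onPopupInteraction(openerUrl, popupUrl) {
    this.grants.add(this.key(openerUrl, popupUrl));
  }
  sendsCookies(topLevelUrl, requestUrl) {
    if (siteOf(topLevelUrl) === siteOf(requestUrl)) return true; // first-party request
    return this.grants.has(this.key(topLevelUrl, requestUrl));
  }
}

// Replays the reproduction steps with constructed URLs: two first parties
// embed the same third party, and the user logs in via a popup on site A only.
function replay(store) {
  const siteA = "https://site-a.example/login.html";
  const siteB = "https://site-b.example/page.html";
  const embed = "https://idp.example/widget";
  const before = [store.sendsCookies(siteA, embed), store.sendsCookies(siteB, embed)];
  store.onPopupInteraction(siteA, "https://idp.example/login");
  const after = [store.sendsCookies(siteA, embed), store.sendsCookies(siteB, embed)];
  return { before, after };
}

console.log("unscoped:", replay(new GrantStore(false)));
console.log("scoped:  ", replay(new GrantStore(true)));
```

A regression test for this class of bug checks the second first party after the grant, not only the opener.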
Comment 1 • 6 years ago (Assignee)
Assignee: nobody → amarchesini
Attachment #8992757 - Flags: review?(ehsan)
Comment 2 • 6 years ago (Assignee)
Attachment #8992758 - Flags: review?(ehsan)
Updated • 6 years ago
Attachment #8992758 - Flags: review?(ehsan) → review+
Updated • 6 years ago
Attachment #8992757 - Flags: review?(ehsan) → review+
Comment 3 • 6 years ago (Assignee)
Currently we annotate only 3rd party channels. We must also annotate top-level channels because we need to grant the first party storage permission if a top-level non-tracking page does a window.open(tracker) and the user interacts with that tracker page.
Attachment #8992870 - Flags: review?(francois)
Comment 4 • 6 years ago
Comment on attachment 8992870
part 3 - annotate top-level channel
Review of attachment 8992870:
-----------------------------------------------------------------
Stealing!
Attachment #8992870 - Flags: review?(francois) → review+
Pushed by amarchesini@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/48dbdb55cabe
Storage activation via window.open(URL) applies across top-level domains - part 1 - window.open() from top-level, r=ehsan
https://hg.mozilla.org/integration/mozilla-inbound/rev/2272ac475d49
Storage activation via window.open(URL) applies across top-level domains - part 2 - tests, r=ehsan
https://hg.mozilla.org/integration/mozilla-inbound/rev/1b81fd5d2002
Storage activation via window.open(URL) applies across top-level domains - part 3 - annotate top-level channels, r=ehsan
Comment 6 • 6 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/48dbdb55cabe
https://hg.mozilla.org/mozilla-central/rev/2272ac475d49
https://hg.mozilla.org/mozilla-central/rev/1b81fd5d2002
Status: NEW → RESOLVED
Closed: 6 years ago
status-firefox63: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → Firefox 63