Closed
Bug 1488785
Opened 6 years ago
Closed 6 years ago
The storage access permission doesn't honour private browsing
Categories
(Firefox :: Protections UI, defect, P1)
Firefox
Protections UI
Tracking
()
VERIFIED
FIXED
Firefox 64
Tracking | Status | |
---|---|---|
firefox62 | --- | unaffected |
firefox63 | + | verified |
firefox64 | + | verified |
People
(Reporter: ehsan.akhgari, Assigned: ehsan.akhgari)
References
(Blocks 1 open bug)
Details
Attachments
(3 files)
STR:
1. In a new profile, set network.cookie.cookieBehavior to 4.
2. Open a private window.
3. Go to https://de.ign.com/marvels-the-avengers-infinity-war-part-1/130638/news/thanos-sollte-in-avengers-infinity-war-ursprunglich-durch-ei.
4. Click on the Facebook like button. A Facebook login window opens. Click somewhere on that window.
5. Close Firefox, go to the console and run the following commands:
$ sqlite3 path/to/firefox/permissions.sqlite
> select * from moz_perms;
1|https://de.ign.com|3rdPartyStorage^https://www.facebook.com|1|2|1538751487216|1536159487216
The permissions database shouldn't contain an entry revealing the domains visited in private mode.
Assignee | ||
Updated•6 years ago
|
Assignee: nobody → ehsan
Assignee | ||
Updated•6 years ago
|
Status: NEW → ASSIGNED
Priority: -- → P1
Assignee | ||
Comment 1•6 years ago
|
||
Assignee | ||
Comment 2•6 years ago
|
||
Depends on D5046
Assignee | ||
Comment 3•6 years ago
|
||
Depends on D5047
Assignee | ||
Comment 4•6 years ago
|
||
Comment on attachment 9006600 [details]
Bug 1488785 - Part 1: Don't save persistent storage access permissions for private browsing contexts; r=baku
Approval Request Comment
[Feature/Bug causing the regression]: Not a regression, private browsing violation in a new feature
[User impact if declined]: private browsing violation, quite serious. Note that the feature isn't enabled by default, but is going to undergo a shield study in 63 beta.
[Is this code covered by automated tests?]: Yes
[Has the fix been verified in Nightly?]: Not yet.
[Needs manual test from QE? If yes, steps to reproduce]: No.
[List of other uplifts needed for the feature/fix]: None.
[Is the change risky?]: Not really.
[Why is the change risky/not risky?]: Because it's simple, localized, and the code in question is preffed off by default.
[String changes made/needed]: None.
Attachment #9006600 -
Flags: approval-mozilla-beta?
Comment 5•6 years ago
|
||
Comment on attachment 9006600 [details]
Bug 1488785 - Part 1: Don't save persistent storage access permissions for private browsing contexts; r=baku
Andrea Marchesini [:baku] has approved the revision.
Attachment #9006600 -
Flags: review+
Comment 6•6 years ago
|
||
Comment on attachment 9006601 [details]
Bug 1488785 - Part 2: Add support for running tests in private windows to the antitracking mini-testsuite; r=baku
Andrea Marchesini [:baku] has approved the revision.
Attachment #9006601 -
Flags: review+
Comment 7•6 years ago
|
||
Comment on attachment 9006602 [details]
Bug 1488785 - Part 3: Add a test to ensure that setting a storage access permission in a private window won't leave a persistent trace in the permission manager; r=baku
Andrea Marchesini [:baku] has approved the revision.
Attachment #9006602 -
Flags: review+
Pushed by eakhgari@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/5cf5331348ef
Part 1: Don't save persistent storage access permissions for private browsing contexts; r=baku
https://hg.mozilla.org/integration/mozilla-inbound/rev/5ba2811bacfd
Part 2: Add support for running tests in private windows to the antitracking mini-testsuite; r=baku
https://hg.mozilla.org/integration/mozilla-inbound/rev/8ae26799f5fd
Part 3: Add a test to ensure that setting a storage access permission in a private window won't leave a persistent trace in the permission manager; r=baku
Comment 9•6 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/5cf5331348ef
https://hg.mozilla.org/mozilla-central/rev/5ba2811bacfd
https://hg.mozilla.org/mozilla-central/rev/8ae26799f5fd
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 64
Comment 10•6 years ago
|
||
Comment on attachment 9006600 [details]
Bug 1488785 - Part 1: Don't save persistent storage access permissions for private browsing contexts; r=baku
Approved for 63 beta 4
Attachment #9006600 -
Flags: approval-mozilla-beta? → approval-mozilla-beta+
Updated•6 years ago
|
Comment 11•6 years ago
|
||
bugherder uplift |
Comment 12•6 years ago
|
||
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:64.0) Gecko/20100101 Firefox/64.0
Build ID: 20180907100116
Verified as fixed on the latest Nightly build (64.0a1) and on the latest Beta build (63b4).
Status: RESOLVED → VERIFIED
Flags: qe-verify+
You need to log in
before you can comment on or make changes to this bug.
Description
•