Closed Bug 1535879 Opened 6 years ago Closed 6 years ago

Firefox no longer immune to filldisk caching tricks from trolling subdomain

Categories

(Core :: Storage: localStorage & sessionStorage, defect)

Product:
Core
Component:
Storage: localStorage & sessionStorage
Version:
67 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID
Tracking Flags:
Tracking Status
firefox-esr60 --- unaffected
firefox65 --- unaffected
firefox66 --- unaffected
firefox67 --- affected

People

(Reporter: licybora, Unassigned)

References

(
URL
)

Details

(Keywords: regression)

Attachments

(2 files)

regression range(?)
(deleted), image/png
Details
Regression range
(deleted), image/png
Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0

Steps to reproduce:

  1. Browse http://www.filldisk.com. This is a site that will fill cache by trolling 1.subdomain.com, 2.subdomain.com to workaround the 5MB per origin limit. The more information of the trick can be found in https://feross.org/fill-disk/
  2. The site would prompt alert, saying something like "You are safe because you are using Firefox".
  3. Close the alert, and see if the site can filling your disk space by caching

Actual results:

The site keep filling the disk space until you click Stop the madness!. You will see Used X MB of disk space!, and the X keep increasing. (Currently only affected Nightly channel on 67.0a1, not sure if it is regression or by-design flag only for Nightly)

Expected results:

The site can at most fill 5MB and no more. This is the expected behavior in 67.0b2 (Firefox Developer Edition), or any earlier version (include stable, beta channel).

(In reply to licybora from comment #0)

not sure if it is regression or by-design flag only for Nightly)

It would be helpful if you could find the regression range.
https://mozilla.github.io/mozregression/quickstart.html

URL: http://www.filldisk.com
Has Regression Range: --- → no
Has STR: --- → yes
status-firefox65: --- → unaffected
status-firefox66: --- → unaffected
status-firefox67: --- → affected
status-firefox-esr60: --- → unaffected
Component: Untriaged → Networking: Cache
Flags: needinfo?(licybora)
Keywords: regression, regressionwindow-wanted
Product: Firefox → Core
Attached image regression range(?) (deleted) —

Sorry that I do not familiar with this tool, but I tried my best.
Due to some unknown reason, I cannot switch into mozilla-inbound.

Flags: needinfo?(licybora)
Attached image Regression range (deleted) —

This image should be more useful to show the range (Green: good, Red: bad).
I can't download any in between using your GUI tool, it keep say Unable to find build info using the taskcluster route.

The regression window of comment#3:
https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=3cddc7cd&tochange=ff29f140

Suspect: Bug 1517090

Blocks: 1517090
Has Regression Range: no → yes
Component: Networking: Cache → DOM: Web Storage
Keywords: regressionwindow-wanted
Flags: needinfo?(jvarga)

No, this is now expected. If you let it go, you will see that it stops at some point depending on your free disk space.
The maximum is 10% of your free disk space with the cap set to 2 GB.

Btw, the page doesn't report accurate usage, it stopped at 4285 MB for me, but actual usage was a half of that which corresponds to the 2GB cap.

This change was done mostly to address bug 1064466 and also to be consistent with other storage APIs like IndexedDB and DOM cache which share same limits (except there's still special 5 MB origin limit for localStorage).

Flags: needinfo?(jvarga)
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: