Twitch audio briefly plays on browser start when the site is pinned in about:home
Categories
(Firefox :: New Tab Page, defect, P3)
Tracking
()
People
(Reporter: planetrenox, Unassigned)
Details
(Keywords: privacy, steps-wanted)
Attachments
(2 files)
|
(deleted),
image/png
|
Details | |
|
(deleted),
text/x-phabricator-request
|
diannaS
:
approval-mozilla-beta+
|
Details |
Capture.PNG
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
Steps to reproduce:
Look at screenshot attached.
I removed all extensions/add-ons to make sure this problem was not caused by them.
- Simply pin https://www.twitch.tv/ to homepage just as in screenshot.
- close all firefox windows
- start firefox
- wait for 5 seconds
- you will hear twitch audio that will last for 1 second
Actual results:
This must mean twitch is loading when the homepage opens. Why is firefox making a connection to twitch when the browser is opened?
This seems like a major security flaw
Is this happening for all pages in the homepage? you should look into this
(The audio will play even if you go to another site right after opening firefox)
Expected results:
No audio should play. No connection should be made to the links in homepage.
This is probably happening because firefox is connecting to the websites to get their icon/thumbnail i imagine?
|
||
Comment 1•3 years ago
|
||
This sounds bad, but I think it is more like a privacy issue than a security issue. The user chose to pin the tab, and likely visits the site regularly anyways.
|
||
Updated•3 years ago
|
|
||
Comment 2•3 years ago
|
||
Struggling to reproduce, going to look into it more.
|
Reporter | |
Comment 3•3 years ago
|
||
(In reply to Amy Churchwell [:amy] from comment #2)
Struggling to reproduce, going to look into it more.
try first making sure the video that plays on twitch front page isnt muted. it'll be saved as a cookie. then try.
i can record a video?
|
|
||
Comment 4•3 years ago
|
||
This seems to be related to screenshotting. Previously, we used screenshots of topsite websites as the thumbnail image. Unfortunately, that thumbnail is still being generated but not shown. (Bug to fix this behavior: https://bugzilla.mozilla.org/show_bug.cgi?id=1706449)
We can add a browser.mute(); to BackgroundPageThumbs.jsm at the very least to ensure that the background thumbnailer browser never plays audio. I can make a patch to do that today.
|
|
||
Comment 5•3 years ago
|
||
|
||
Updated•3 years ago
|
|
|
||
Comment 7•3 years ago
|
||
Comment on attachment 9255589 [details]
Bug 1745593 - Mute background thumbnailer browser. r?adw
Beta/Release Uplift Approval Request
- User impact if declined: Current bug is both annoying and confusing for users and exists on a high visibility surface, we should expose the fix to users as quickly as possible.
- Is this code covered by automated tests?: No
- Has the fix been verified in Nightly?: No
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): Muting the background thumbnail browser is low risk because it should not be perceived by users.
- String changes made/needed:
|
|
Reporter | |
Comment 8•3 years ago
|
||
(In reply to Amy Churchwell [:amy] from comment #4)
This seems to be related to screenshotting. Previously, we used screenshots of topsite websites as the thumbnail image. Unfortunately, that thumbnail is still being generated but not shown. (Bug to fix this behavior: https://bugzilla.mozilla.org/show_bug.cgi?id=1706449)
We can add a
browser.mute();to BackgroundPageThumbs.jsm at the very least to ensure that the background thumbnailer browser never plays audio. I can make a patch to do that today.
very cool. yes that makes sense.
A suggestion for this background browser
Under Settings -> Privacy/Security, if the user picks 'Strict': it would also make sense to completely disable the background browser
If you have a user that uses NoScript, I hope the background browser doesn't let remote JS code to run or ip to be leaked.
|
||
Comment 9•3 years ago
|
||
| bugherder | ||
|
||
Comment 10•3 years ago
|
||
Comment on attachment 9255589 [details]
Bug 1745593 - Mute background thumbnailer browser. r?adw
Approved for 96.0b7
|
|
||
Comment 11•3 years ago
|
||
| bugherder uplift | ||
|
||
Updated•3 years ago
|
|
||
Updated•3 years ago
|
|
||
Comment 12•3 years ago
|
||
Tried to reproduce this on Windows 10 x64 and on macOS Big Sur 11.6 but I was unable to do so using builds prior to the fix (Firefox 95 and Nightly 97.0a1 from 2021-12-12), so I can't verify that this is fixed.
Planetrenox, will you be kind and verify that this is fixed using Firefox 96 beta 7 and the latest Nightly 97?
Firefox 96 beta 7 -
http://archive.mozilla.org/pub/firefox/candidates/96.0b7-candidates/build1/
Latest Nightly -
http://archive.mozilla.org/pub/firefox/nightly/latest-mozilla-central/
Thanks!
|
|
Reporter | |
Comment 13•3 years ago
|
||
(In reply to Simona Badau from comment #12)
Tried to reproduce this on Windows 10 x64 and on macOS Big Sur 11.6 but I was unable to do so using builds prior to the fix (Firefox 95 and Nightly 97.0a1 from 2021-12-12), so I can't verify that this is fixed.
Planetrenox, will you be kind and verify that this is fixed using Firefox 96 beta 7 and the latest Nightly 97?
Firefox 96 beta 7 -
http://archive.mozilla.org/pub/firefox/candidates/96.0b7-candidates/build1/Latest Nightly -
http://archive.mozilla.org/pub/firefox/nightly/latest-mozilla-central/Thanks!
I just repinned it with firefox 96 and it wasn't happening. If i don't write anything in 48 hours consider it fixed.
|
|
Reporter | |
Comment 14•3 years ago
|
||
It's not fixed: https://streamable.com/fp77s7
In the video it shows Version 96.0b7 (64 bit)
|
|
||
Comment 15•3 years ago
|
||
@Amy, could you please take a look over as according to Comment 14 this issue is still reproducible? Should this be Reopened?
|
|
||
Comment 16•3 years ago
|
||
Hi Dale, would you be able to see if this issue is reproducible? Or perhaps :adw can take a look?
|
||
Comment 17•3 years ago
|
||
I cant reproduce but the video provided is very clear, maybe worth asking someone from media if there is a better way than .mute()
Jim we are using a background browser element to take a screenshot and do not want it to create any audio,
https://searchfox.org/mozilla-central/source/toolkit/components/thumbnails/BackgroundPageThumbs.jsm#388
is the current solution but look like it doesnt always work (but finding it hard to reproduce the failure) do you have
any ideas?
Cheers
|
|
||
Updated•3 years ago
|
|
||
Updated•3 years ago
|
|
||
Comment 18•3 years ago
|
||
Using browser.mute() looks like a correct way for me.
I couldn't reproduce this issue as well on my Windows. Could you see if you can reproduce this on the latest Nightly? If you can, would you mind to capture debug log by using MOZ_LOG=AudioChannel:5,Autoplay:5?
Thank you.
|
|
Reporter | |
Comment 19•3 years ago
|
||
I can't provide more info as my homepage has been changed to blank
but
my suggestion would be to add this about:config setting:
browser.startup.homepage.abouthome_backgroundbrowser.enabled
in case mute doesn't work for everyone
|
|
||
Updated•2 years ago
|
|
||
Comment 20•2 years ago
|
||
Ctrl tab is using thumbnails, the new tab page may not be using them anymore but it may still be collecting thumbnails.
Next step is for an engineer or QA to try to reproduce the bug, maybe using ctrl tab (must be enabled in about:preferences) if the new tab page doesn't reproduce it anymore.
May anyone from QA pick this up for testing?
Description
•