Open
Bug 763904
Opened 12 years ago
Updated 2 years ago
Detect when an add-on attempts to access cookies in private browsing mode
Categories
(Firefox :: Private Browsing, enhancement)
Firefox
Private Browsing
Tracking
()
NEW
People
(Reporter: Yoric, Unassigned)
References
(Blocks 1 open bug)
Details
This is a splinter from bug 761950. The idea is to provide facilities to help diagnose add-ons that, for whatever reason, attempt to access cookies while in private browsing mode. This can be useful both for add-on authors and for AMO testing. Followup bugs will cover access to other sensitive information while in private mode.
Reporter | ||
Comment 1•12 years ago
|
||
The current idea is to post events to the nsIObserverService whenever an add-on attempts to access sensitive information while in private mode.
Reporter | ||
Updated•12 years ago
|
Whiteboard: [mentor
Reporter | ||
Updated•12 years ago
|
Whiteboard: [mentor → [mentor=Yoric][lang=c++]
Comment 2•12 years ago
|
||
So, two questions: why limit this to only accessing cookies? Also, Ameya, does your approach differentiate between different method calls on an interface? Because for example, reading cookies in PB mode is not a problem, writing them to disk is though.
Reporter | ||
Comment 3•12 years ago
|
||
(In reply to Ehsan Akhgari [:ehsan] from comment #2) > So, two questions: why limit this to only accessing cookies? Simply to start small and expand the scope only once we have reached firm ground.
Comment 4•12 years ago
|
||
(In reply to Ehsan Akhgari [:ehsan] from comment #2) > Also, Ameya, > does your approach differentiate between different method calls on an > interface? Because for example, reading cookies in PB mode is not a > problem, writing them to disk is though. Approach is same for all interfaces. I also considered File Handling in it. http://pastebin.mozilla.org/1661227 has list of all considered interfaces. Need a discussion on which of them are really sensitive interfaces because I might have considered some unnecessary or I might be lacking several other.
Comment 5•12 years ago
|
||
(In reply to Ameya from comment #4) > (In reply to Ehsan Akhgari [:ehsan] from comment #2) > > Also, Ameya, > > does your approach differentiate between different method calls on an > > interface? Because for example, reading cookies in PB mode is not a > > problem, writing them to disk is though. > > Approach is same for all interfaces. I also considered File Handling in it. > http://pastebin.mozilla.org/1661227 has list of all considered interfaces. > Need a discussion on which of them are really sensitive interfaces because I > might have considered some unnecessary or I might be lacking several other. Yes, but my question was specifically about the methods called on those interfaces. For example, it's perfectly fine for an add-on to call getCookieString on the nsICookieService interface.
Hi Ameya, Are you still working on this bug? I see that it's been a while. Is there anything that might help you go further on this? Let us know. Thanks!
Flags: needinfo?(ameyabap)
Assignee: ameyabap → nobody
Flags: needinfo?(ameyabap)
Comment 7•11 years ago
|
||
Hi Liz, David. I'm a beginner here. Did a Firefox build on Ubuntu couple of days ago and after that just been looking for mentored / good first bugs. I would like to take this up if someone can get me started on the basics of Private Browsing code.
Comment 8•11 years ago
|
||
I think you should look for a different bug to start with; this one is no longer well-defined since we introduced private windows instead of the global private browsing mode.
Whiteboard: [mentor=Yoric][lang=c++]
Comment 11•10 years ago
|
||
There is a problem connected with this bug: nsICookieService can't access cookies when 'Use custom settings for history' selected in Privacy settings (like this https://support.cdn.mozilla.net/media/uploads/gallery/images/2013-07-03-04-42-16-13bb88.png). And XMLHTTPRequest from chrome sent without cookies.
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•