Home Explore Help
Register Sign In
desktopd
/
no-resource-uri-leak
Watch 6
Star 5
Fork 1
Files Issues 14 Pull Requests 1 Wiki
Labels Milestones
New Issue

#18 Firefox bug 863246 verfied fixed

Open
opened 5 years ago by David_Hedlund · 1 comments
David Hedlund commented 5 years ago

bug 863246 has been marked as "VERIFIED FIXED".

https://addons.mozilla.org/en-US/firefox/addon/no-resource-uri-leak/ reads

Deny resource:// access to Web content: We fill the hole to defend against fingerprinting. Very important to Firefox privacy. A direct workaround for bugzil.la/863246

From Firefox 57 onward, Add-ons no longer have control over privileged schemes such as resource:// or chrome:// so this add-on cannnot be used anymore. This add-on will be unsupported. Fortunately, latest Firefox blocks most privacy-threatening instances of previously content-accessible resources.

Can you please replace the above text with something like this?:

Deny resource:// access to Web content: We fill the hole to defend against fingerprinting. Very important to privacy in old Firefox versions. A direct workaround for bugzil.la/863246 (fixed in Firefox 57).

bug [863246](https://bugzilla.mozilla.org/show_bug.cgi?id=863246) has been marked as "VERIFIED FIXED". https://addons.mozilla.org/en-US/firefox/addon/no-resource-uri-leak/ reads > Deny resource:// access to Web content: We fill the hole to defend against fingerprinting. Very important to Firefox privacy. A direct workaround for bugzil.la/863246 > From Firefox 57 onward, Add-ons no longer have control over privileged schemes such as resource:// or chrome:// so this add-on cannnot be used anymore. This add-on will be unsupported. Fortunately, latest Firefox blocks most privacy-threatening instances of previously content-accessible resources. Can you please replace the above text with something like this?: > Deny resource:// access to Web content: We fill the hole to defend against fingerprinting. Very important to privacy in old Firefox versions. A direct workaround for bugzil.la/863246 (fixed in Firefox 57).
bugmenot commented 5 years ago

Fixed would be a slight exaggeration. While they mitigated some of the issues and managed to fake the leak test, they ended up creating more problems by introducing additional URI for WebExt. In turn they broke all old addons and allow new UUID tracking for WebExt.

The new WebExt. bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1372288

As per this PR, this addon can be modified to secure against both. https://notabug.org/desktopd/no-resource-uri-leak/pulls/16

Someone should continue to maintain a fork for FF60 and FF52-ESR (legacy) as the addon still has multiple uses besides just resource:///

Fixed would be a slight exaggeration. While they mitigated some of the issues and managed to fake the leak test, they ended up creating more problems by introducing additional URI for WebExt. In turn they broke all old addons and allow new UUID tracking for WebExt. The new WebExt. bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1372288 As per this PR, this addon can be modified to secure against both. https://notabug.org/desktopd/no-resource-uri-leak/pulls/16 Someone should continue to maintain a fork for FF60 and FF52-ESR (legacy) as the addon still has multiple uses besides just resource:///
Sign in to join this conversation.
Labels
Clear labels
Add-on SDK Chrome in content issue Confirmed No known fixes Partially done Tests needed
No Label
Add-on SDK
Chrome in content issue
Confirmed
No known fixes
Partially done
Tests needed
Milestone
Clear milestone
No Milestone
Assignee
Clear assignee
No assignee
2 Participants
Write Preview
Loading...
Cancel
Save
There is no content yet.