Etusivu Tutki Apua
Kirjaudu sisään
desktopd
/
no-resource-uri-leak
Tarkkaile 6
Äänestä 5
Fork 1
Tiedostot Ongelmat 14 Pull-pyynnöt 1 Wiki
Tunnisteet Merkkipaalut
Uusi ongelma

#18 Firefox bug 863246 verfied fixed

Avoinna
6 vuotta sitten avasi David_Hedlund · 1 kommenttia
David Hedlund kommentoitu 6 vuotta sitten

bug 863246 has been marked as "VERIFIED FIXED".

https://addons.mozilla.org/en-US/firefox/addon/no-resource-uri-leak/ reads

Deny resource:// access to Web content: We fill the hole to defend against fingerprinting. Very important to Firefox privacy. A direct workaround for bugzil.la/863246

From Firefox 57 onward, Add-ons no longer have control over privileged schemes such as resource:// or chrome:// so this add-on cannnot be used anymore. This add-on will be unsupported. Fortunately, latest Firefox blocks most privacy-threatening instances of previously content-accessible resources.

Can you please replace the above text with something like this?:

Deny resource:// access to Web content: We fill the hole to defend against fingerprinting. Very important to privacy in old Firefox versions. A direct workaround for bugzil.la/863246 (fixed in Firefox 57).

bug [863246](https://bugzilla.mozilla.org/show_bug.cgi?id=863246) has been marked as "VERIFIED FIXED". https://addons.mozilla.org/en-US/firefox/addon/no-resource-uri-leak/ reads > Deny resource:// access to Web content: We fill the hole to defend against fingerprinting. Very important to Firefox privacy. A direct workaround for bugzil.la/863246 > From Firefox 57 onward, Add-ons no longer have control over privileged schemes such as resource:// or chrome:// so this add-on cannnot be used anymore. This add-on will be unsupported. Fortunately, latest Firefox blocks most privacy-threatening instances of previously content-accessible resources. Can you please replace the above text with something like this?: > Deny resource:// access to Web content: We fill the hole to defend against fingerprinting. Very important to privacy in old Firefox versions. A direct workaround for bugzil.la/863246 (fixed in Firefox 57).
bugmenot kommentoitu 6 vuotta sitten

Fixed would be a slight exaggeration. While they mitigated some of the issues and managed to fake the leak test, they ended up creating more problems by introducing additional URI for WebExt. In turn they broke all old addons and allow new UUID tracking for WebExt.

The new WebExt. bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1372288

As per this PR, this addon can be modified to secure against both. https://notabug.org/desktopd/no-resource-uri-leak/pulls/16

Someone should continue to maintain a fork for FF60 and FF52-ESR (legacy) as the addon still has multiple uses besides just resource:///

Fixed would be a slight exaggeration. While they mitigated some of the issues and managed to fake the leak test, they ended up creating more problems by introducing additional URI for WebExt. In turn they broke all old addons and allow new UUID tracking for WebExt. The new WebExt. bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1372288 As per this PR, this addon can be modified to secure against both. https://notabug.org/desktopd/no-resource-uri-leak/pulls/16 Someone should continue to maintain a fork for FF60 and FF52-ESR (legacy) as the addon still has multiple uses besides just resource:///
Kirjaudu sisään osallistuaksesi tähän keskusteluun.
Tunnisteet
Tyhjennä tunnisteet
Add-on SDK Chrome in content issue Confirmed No known fixes Partially done Tests needed
Ei tunnistetta
Add-on SDK
Chrome in content issue
Confirmed
No known fixes
Partially done
Tests needed
Merkkipaalu
Tyhjennä merkkipaalu
Ei merkkipaalua
Osoitettu
Tyhjennä osoitettu
Ei osoitettua
2 osallistujaa
Kirjoita Esikatselu
Ladataan...
Peruuta
Tallenna
Sisältöä ei vielä ole.