- Status Closed
- Percent Complete
- Task Type Freedom Issue
- Category Any
- Assigned To No-one
- Operating System All
- Severity Low
- Priority Very Low
- Reported Version Any
- Due in Version Undecided
-
Due Date
Undecided
- Votes
- Private
FS#923 - [iceweasel-no-resource-uri-leak]: using "contents" in description
Description:
community/iceweasel-no-resource-uri-leak 1.1.0-1 (iceweasel-addons) Deny resource:// access to Web content. Fill the hole to defend against fingerprinting.
Description is vague because of the word “content”. Does it deny to “content” or it denies to files, URLs or to what?
See:
https://www.gnu.org/philosophy/words-to-avoid.html#Content
Loading...
Available keyboard shortcuts
- Alt + ⇧ Shift + l Login Dialog / Logout
- Alt + ⇧ Shift + a Add new task
- Alt + ⇧ Shift + m My searches
- Alt + ⇧ Shift + t focus taskid search
Tasklist
- o open selected task
- j move cursor down
- k move cursor up
Task Details
- n Next task
- p Previous task
- Alt + ⇧ Shift + e ↵ Enter Edit this task
- Alt + ⇧ Shift + w watch task
- Alt + ⇧ Shift + y Close Task
Task Editing
- Alt + ⇧ Shift + s save task
Thank you for the report.
It protects against a long-standing and unsolved Mozilla bug that fingerprints the user, see: https://browserleaks.com/firefox
The new FF60 manages to break the above test, but introduced another more critical bug that can precisely identify the user with WebExt UUID.
I have backported the latest version from git, which also protects against WebExt fingerprinting. It was not released on AMO because they no longer allow legacy addons. I also patched the wording to clarify the situation and replaced the wording.
Description is now:
You can test the new version here: https://repo.hyperbola.info:50000/other/no-resource-uri-leak/
I would also like some leak-tests made to confirm that the new extension:// filter is working properly. If you know of anyone capable of this please have them try it.
Meanwhile, I think this issue can be considered solved.