Security/Contextual Identity Project/Tracking

From MozillaWiki
Jump to: navigation, search

Origin Attributes

To implement containers for the Contextual Identity, we are adding a new Origin Attribute called "usercontext". However security checks in gecko sometimes use the URL or other properties instead of a proper Origin check. So the first step then is to fix up all the places in Gecko where we should be using an Origin. These bugs are tagged with a whiteboard tag of [oa* (i.e. [oa], [oa-testing] etc).

Active Bugs

Bugs which are assigned and being worked on.

Full Query
ID Whiteboard Summary Status Assigned to Priority Fx iteration
1302566 [tor][domsecurity-backlog1][OA] remove the IsInPrivateBrowsing mode from shared workers and use origin attributes instead. REOPENED Andrea Marchesini [:baku] P3 ---

1 Total; 1 Open (100%); 0 Resolved (0%); 0 Verified (0%);


Assigned, but not started

These bugs have an owner, but their status is 'NEW' indicating that they are not being worked on yet.

Full Query
ID Whiteboard Summary Status Assigned to Priority Fx iteration
1273058 [userContextId][OA] mContentViewer should be null when setting origin attributes on docshell NEW Andrea Marchesini [:baku] P3 ---
1338006 [OA][tor] Perform OriginAttributes Review of WebRTC NEW Tom Ritter [:tjr] (OOTO until 4/30 at least) P3 ---

2 Total; 2 Open (100%); 0 Resolved (0%); 0 Verified (0%);


Backlog (all unowned)

Bugs looking for an owner.

Full Query
ID Whiteboard Summary Status Assigned to Priority Fx iteration
1283320 [userContextId][domsecurity-backlog2][OA] Make History aware of userContextId NEW P3 ---
1284985 [userContextId][domsecurity-backlog3][OA] cookies being loaded from about:newtab should use a privatebrowsing mode value >1 in the OriginAttributes instead of a temp userContextId NEW P3 ---
1284986 [fxprivacy][OA][tor] JavaScript error: chrome://browser/content/pageinfo/permissions.js, line 224: Error: Callback received for bad URI: [xpconnect wrapped nsIURI @ 0x12cf99d40 (native @ 0x1356f7b08)] NEW P5 ---
1300706 [OA][domsecurity-backlog1] firstPartyDomain shouldn't be propagated to mozbrowser frame NEW P3 ---
1319184 [OA] remove the IsInPrivateBrowsing boolean from the GetFavicon related code in DocShell NEW P3 ---
1319346 [domsecurity-backlog2][OA][userContextId][tor] WebChannel not isolated by originAttributes REOPENED P3 ---
1321646 [OA] Figure out why the nsDocShell::CopyFavicon assert fails and fix it NEW P3 ---
1329572 [OA][domsecurity-backlog3] Consider making origin attributes become a XPCOM object NEW P3 ---

8 Total; 8 Open (100%); 0 Resolved (0%); 0 Verified (0%);


Containers Specific Bugs

All bugs for the Contextual Identity projects which are NOT part of origin attributes fix-ups. These bugs are tagged in the whiteboard with [userContextId].

Active Containers Bugs

Bugs which are assigned and being worked on.

Full Query
ID Whiteboard Summary Status Assigned to Priority Fx iteration
1338735 [userContextId][domsecurity-backlog] removing all associated container cookies when containers are disabled/removed ASSIGNED Sebastian Hengst [:aryx] (needinfo me if it's about an intermittent or backout) P3 ---
1331595 [userContextId] The new tab button's container menu should allow middle/accel-click to create new related tabs with the desired container ASSIGNED Kestrel P3 ---

2 Total; 2 Open (100%); 0 Resolved (0%); 0 Verified (0%);


Assigned, but not started, container bugs

These bugs have an owner, but their status is 'NEW' indicating that they are not being worked on yet.

Full Query
ID Whiteboard Summary Status Assigned to Priority Fx iteration
1320378 [userContextId][domsecurity-backlog] warning users when removing containers that aren't currently being used NEW Danny Colin [:sdk] P3 ---

1 Total; 1 Open (100%); 0 Resolved (0%); 0 Verified (0%);


Backlog P1 (all unowned) container bugs

Bugs looking for an owner.

No results.

0 Total; 0 Open (0%); 0 Resolved (0%); 0 Verified (0%);


Backlog P2 (all unowned) container bugs - Nightly 50 and 51

Bugs looking for an owner.

Full Query
ID Whiteboard Summary Status Assigned to Priority Fx iteration
1245262 [userContextId][userContextId-UI][blocked] keyboard shortcuts for opening new container tabs REOPENED P2 ---
1406371 [usercontextId] Make a preference to control what the usercontextId is when creating a new tab NEW P2 ---

2 Total; 2 Open (100%); 0 Resolved (0%); 0 Verified (0%);


Backlog P3 (all unowned) container bugs - Future Work

Full Query
ID Whiteboard Summary Status Assigned to Priority Fx iteration
1199470 [userContextId][domsecurity-backlog3] Let users Clear History for a specific Container NEW P3 ---
1213290 [userContextId][domsecurity-backlog] Enable "usercontext" on bookmarks NEW P3 ---
1245502 [userContextId][userContextId-UI] Would be nice to see the container for each tab in about:sessionrestore NEW P3 ---
1249348 [userContextId][domsecurity-backlog3] compartmentalizing certificate overrides via containers NEW P3 ---
1272043 [domsecurity-backlog3][usercontextId] adding the ability to open containers via the taskbar jump list/dock NEW P3 ---
1280549 [userContextId] [a11y] Make container type for current tab more easily accessible to screen reader users NEW P3 ---
1280697 [userContextId][tpi:+] Assign containers based on the desktop UNCONFIRMED P3 ---
1283495 [userContextId][domsecurity-backlog] Add the ability to assign a window to a container NEW P3 ---
1288504 [userContextId][domsecurity-backlog2] Customize about:newtab per Container NEW P3 ---
1288858 [userContextId][domsecurity-backlog3][sync-engine-addition] Should custom containers be synced across devices? NEW P3 ---
1291672 [userContextId][domsecurity-backlog1] Banking icon for containers isn't possible localise NEW P3 ---
1292241 [domsecurity-backlog][userContextId] UX tests for Containers NEW P3 ---
1293420 [userContextId] Should we disable mix-blend-mode because it can lead to a history leakage attack? NEW P3 ---
1295750 [userContextId][domsecurity-backlog] integrating disposable/one-shot containers into DevTools NEW P3 ---
1297973 [userContextId] [domsecurity-active] Design UX for presenting userContextId in History UI NEW P3 ---
1298064 [domsecurity-active][userContextId] Container tab menu on long press add menu not present after customize NEW P3 ---
1303911 [userContextId][domsecurity-backlog] restoring a single container tab quickly opens a second tab that disappears instantly NEW P3 ---
1306684 [domsecurity-backlog][userContextId] UX tests for Containers using mozscreenshots NEW P3 ---
1311845 [userContextId][domsecurity-backlog] [Containers] Easier New Container Tab Experience NEW P3 ---
1318352 [domsecurity-backlog][userContextId] Consider creating new tabs in the same container as the currently active tab when pressing new tab button NEW P3 ---
1318652 [userContextId] automatic contextual container based on domain (or regex) UNCONFIRMED P3 ---
1320368 [userContextId][domsecurity-backlog] changing preferences under about:preferences within containers NEW P3 ---
1322387 [userContextId][domsecurity-backlog] tabbrowser.xml should use weak ref observers NEW P3 ---
1325874 [fingerprinting][fp-triaged][domsecurity-backlog2][userContextId] Consider seperating page content history for userContextId NEW P3 ---
1325884 [userContextId] Container tabs should have options for separate history and URL completion NEW P3 ---
1329453 [userContextId][domsecurity-backlog] Show an appropriate menu item if all Containers are removed NEW P3 ---
1337937 [userContextId][domsecurity-backlog] "Open Container Tab" under hamburger menu not always appearing/disappearing when enabling containers NEW P3 ---
1345643 [domsecurity-backlog3][userContextId] about:preferences#containers accessible via URL even though privacy.userContext.enabled;false NEW P3 ---
1359232 [userContextId][domsecurity-backlog2] Assertion failure: mPresContext->mLayoutPhaseCount[eLayoutPhase_FrameC] == 0 (recurring into frame construction), at /mozilla-beta/layout/base/nsAutoLayoutPhase.cpp:55 NEW P3 ---
1365019 [userContextId][domsecurity-backlog2] Have containers isolate more things, like extensions NEW P3 ---
1372103 [userContextId][domsecurity-backlog1] viewing caches from differnt container in about:cache NEW P3 ---
1375598 [userContextId][domsecurity-backlog2] Container tabs are triggered accidentally when switching back to Firefox NEW P3 ---
1393822 [usercontextId] Long touch new tab doesn't open containers menu with touch screen NEW P3 ---

33 Total; 33 Open (100%); 0 Resolved (0%); 0 Verified (0%);


Testing Bugs

Origin Testing bugs are tagged with [oa-testing]

Full Query
ID Whiteboard Summary Status Assigned to Priority Fx iteration
1257456 [OA-testing] tests for restore into existing tab with correct userContextId NEW P3 ---
1264152 btpp-active[OA-testing][tor-testing][domsecurity-backlog1] Create a tag for OriginAttribute mochitests NEW P3 ---
1271873 [OA-testing][domsecurity-backlog2] Add a test case to ensure that Sandbox handles userContextId correctly NEW P3 ---
1337868 [OA-testing][tor-testing][domsecurity-backlog1] Add Origin Attribute connection isolation tests for HTTP2, TLS, and WebSockets NEW P3 ---

4 Total; 4 Open (100%); 0 Resolved (0%); 0 Verified (0%);

https://bugzilla.mozilla.org/buglist.cgi?query_based_on=usercontextid%20and%20oa&status_whiteboard_type=anywordssubstr&query_format=advanced&status_whiteboard=[TOR%2C[oa-testing&known_name=usercontextid%20and%20oa

Uplift49 Bugs

Bugs to be requested to uplift to 49. <bugzilla> 

 {

   "include_fields": "id, whiteboard, summary, status, assigned_to,priority,cf_fx_iteration",
   "query_format":"advanced",
   "status_whiteboard_type":"anywordssubstr",
   "status_whiteboard":"[uplift49+]",
   "order": "assigned_to,bug_id",

"keywords_type":"nowords", "keywords":"meta" 

 }
Retrieved from "https://wiki.mozilla.org/index.php?title=Security/Contextual_Identity_Project/Tracking&oldid=1153518"