Security/Fingerprinting


Anti-Fingerprinting - P1 (Target as Fx55 Aurora - 2017/4/17)

| ID | Summary | Product | Component | Assigned to | Depends on | Whiteboard |
| --- | --- | --- | --- | --- | --- | --- |
| 583181 | Don't reveal navigator.buildID to every site on the web | Core | DOM | | 966030, 1216225 | [parity-IE] [fingerprinting] |
| 1217238 | Reduce precision of time exposed by Javascript (Tor 1517) | Core | JavaScript: Standard Library | Jonathan Hao [:jhao] | | [fingerprinting][tor] |
| 1314448 | Create a build target that adds --disable-webrtc to the mozconfig | Release Engineering | General Automation | | | [tor][tor-testing][fingerprinting] |
| 1330882 | When privacy.resistFingerprinting = true, set new windows to rounded dimensions [tor 19459] | Core | XUL | Tim Huang[:timhuang] | | [fingerprinting][tor] |
| 1330890 | Use UTC timezone when privacy.resistFingerprinting = true [tor 16622] | Core | General | Tim Huang[:timhuang] | | [fingerprinting][tor 16622] |
| 1333641 | Disable WebSpeech API when privacy.resistFingerprinting is enabled | Core | Web Speech | | | [tor][fingerprinting] |
| 1333651 | Spoofing Navigator API when resisting fingerprinting is enabled | Core | DOM: Security | Tim Huang[:timhuang] | 1337161 | [tor][fingerprinting][domsecurity-backlog1] |

7 Total; 7 Open (100%); 0 Resolved (0%); 0 Verified (0%);


Anti-Fingerprinting - P2 (Target as Fx56 Aurora - 2017/6/12)

| ID | Summary | Product | Component | Assigned to | Depends on | Whiteboard |
| --- | --- | --- | --- | --- | --- | --- |
| 680300 | Restrict discoverability of protocol handlers [Tor 1623] | Core | Networking | | | [fingerprinting][probing][necko-backlog][tor] |
| 863246 | resource:// URIs leak information (Tor 8725) | Core | Security | | | [tor][fingerprinting] |
| 967895 | Prompt (w/ Site Permission) before allowing content to extract canvas data (Tor 6253) | Core | Canvas: 2D | Jonathan Hao [:jhao] | 1260931 | [tor][fingerprinting] |
| 1039069 | Warn the user that customizing the preferred language list (Accept-Language) can be used for fingerprinting | Firefox | Preferences | | | [fingerprinting] |
| 1217290 | Add fingerprinting resistance for WebGL (Tor 16005) | Core | Canvas: WebGL | Jeff Gilbert [:jgilbert] | | [tor][tor-standalone][fingerprinting] |
| 1222285 | Keyboard layout is leaked by KeyboardEvent (Tor 15646, 17009) | Core | Event Handling | | | [tor][tor-standalone][fingerprinting] |
| 1308340 | checkbox in about:preferences#privacy for privacy.resistFingerprinting (Tor 20244.1) | Firefox | Preferences | Arthur Edelstein [:arthuredelstein] | | [tor][fingerprinting] |
| 1330876 | use properly contrasting colors if the desktop theme specifies white on black for text colors [tor 6786] | Core | GFX: Color Management | | | [fingerprinting] gfx-noted [tor] |
| 1330892 | <isindex> leaks user locale | Core | HTML: Parser | | 1266495 | [fingerprinting][tor] |
| 1333933 | Disable/spoof fingerprintable features when privacy.resistFingerprinting = true | Core | General | Tim Huang[:timhuang] | 1337157, 1337161 | [tor][fingerprinting] |
| 1336208 | Bundle and whitelist fonts when privacy.resistFingerprinting = true | Core | Graphics: Text | | 1121643 | [tor][fingerprinting][gfx-noted] |
| 1337161 | Disable navigator.getGamepads() when privacy.resistFingerprinting = true | Core | DOM: Device Interfaces | | | [tor][fingerprinting] |

12 Total; 12 Open (100%); 0 Resolved (0%); 0 Verified (0%);


Anti-Fingerprinting - P3~P5

| ID | Summary | Priority | Product | Component | Assigned to | Depends on | Whiteboard |
| --- | --- | --- | --- | --- | --- | --- | --- |
| 167475 | [URL] Disable external and returning no data protocol handlers in all cases, excluding <A HREF=> | -- | Core | Document Navigation | timeless | 379803, 173010, 229168, 379819 | [sg:want][fingerprinting][probing][proto] See bug 173010 for whitelisting protocols |
| 572650 | Reduce the amount of data and entropy sent out in HTTP requests | P3 | Core | Networking: HTTP | | 566434, 583181, 728952, 1090433, 414057, 527886, 572652, 572656, 572659, 572661, 572665, 572667, 572668, 581008, 581783, 582421, 584683, 586165, 588909, 588913, 591537, 591573, 630357, 643352, 669814, 697383, 728582, 728585, 728831, 728888, 728894, 729089, 736373, 757726, 765048, 793978, 799899, 817450, 1054739, 1313580 | [fingerprinting][necko-would-take] |
| 724179 | Gecko sends cookies and HTTP auth credentials in mixed-content requests | P3 | Core | DOM: Security | | | [fingerprinting], [domsecurity-backlog] |
| 724182 | Gecko sends cookies and HTTP auth credentials in cross-domain requests to an unrelated domain for images and scripts that haven't been approved by CORS | -- | Core | DOM: Security | | | [fingerprinting][domsecurity-backlog] |
| 732096 | Add a preference to prevent local font enumeration | P3 | Core | Layout | | 1121643 | [fingerprinting][tor][tor-standalone] |
| 779197 | Use a protocol not accessible from content | P3 | Add-on SDK | General | | 820213, 852297 | [fingerprinting] |
| 903959 | custom resource://foo/ allows fingerprinting addons | -- | Core | Security | | 863246 | [fingerprinting] |
| 1041818 | take steps to mitigate canvas fingerprinting | P3 | Core | General | | | [fingerprinting][tor][tor-standalone] |
| 1233846 | WebSpeech API mustn't allow fingerprinting | -- | Core | Web Speech | | | [fingerprinting] |
| 1314443 | Change --disable-webrtc into a preference | P3 | Core | WebRTC | Jonathan Hao [:jhao] | | [tor][fingerprinting] |
| 1315203 | XSHM: Cross Site History Manipulation (information leakage) | P3 | Core | Document Navigation | | | [fingerprinting] |
| 1325874 | Consider seperating page content history for userContextId | P3 | Core | DOM: Security | | 1283320 | [fingerprinting][domsecurity-backlog2][userContextId] |

12 Total; 12 Open (100%); 0 Resolved (0%); 0 Verified (0%);


Resolved Bugs

| ID | Summary | Priority | Product | Component | Assigned to | Depends on | Whiteboard |
| --- | --- | --- | --- | --- | --- | --- | --- |
| 1233691 | Redesign mediaDevices.enumerateDevices() API | -- | Core | WebRTC | | | |
| 1345322 | Create the preference privacy.resistFingerprinting in firefox.js | P1 | Firefox | Preferences | Ethan Tseng [:ethan] | | |

2 Total; 0 Open (0%); 2 Resolved (100%); 0 Verified (0%);