Security/Fingerprinting

From MozillaWiki
Jump to: navigation, search
ID Summary Priority Product Component Assigned to Whiteboard
167475 [URL] Disable external and returning no data protocol handlers in all cases, excluding <A HREF=> -- Core Document Navigation timeless [sg:want][fingerprinting][probing][proto] See bug 173010 for whitelisting protocols
572650 Reduce the amount of data and entropy sent out in HTTP requests -- Core Networking: HTTP [fingerprinting][necko-would-take]
583181 Don't reveal navigator.buildID to every site on the web -- Core DOM [parity-IE] [fingerprinting]
680300 Restrict discoverability of protocol handlers -- Core Networking [fingerprinting][probing][necko-backlog]
724179 Gecko sends cookies and HTTP auth credentials in mixed-content requests -- Core DOM: Security [fingerprinting], [domsecurity-backlog]
724182 Gecko sends cookies and HTTP auth credentials in cross-domain requests to an unrelated domain for images and scripts that haven't been approved by CORS -- Core DOM: Security [fingerprinting][domsecurity-backlog]
732096 Add a preference to prevent local font enumeration P3 Core Layout [fingerprinting][tor][tor-standalone]
779197 Use a protocol not accessible from content -- Add-on SDK General [fingerprinting]
903959 custom resource://foo/ allows fingerprinting addons -- Core Security [fingerprinting]
959893 WebRTC Internal IP Address Leakage -- Core WebRTC: Signaling [fingerprinting]
967895 Prompt (w/ Site Permission) before allowing content to extract canvas data (Tor 6253) P3 Core Canvas: 2D [tor][fingerprinting]
1039069 Warn the user that customizing the preferred language list (Accept-Language) can be used for fingerprinting -- Firefox Preferences [fingerprinting]
1041818 take steps to mitigate canvas fingerprinting P3 Core General [fingerprinting][tor][tor-standalone]
1217238 Reduce precision of time exposed by Javascript (Tor 1517) P3 Core JavaScript: Standard Library Jonathan Hao [:jhao] [fingerprinting][tor]
1217290 Add fingerprinting resistance for WebGL (Tor 16005) P3 Core Canvas: WebGL Jeff Gilbert [:jgilbert] [tor][tor-standalone][fingerprinting]
1222285 Keyboard layout is leaked by KeyboardEvent (Tor 15646, 17009) P3 Core Event Handling [tor][tor-standalone][fingerprinting]
1233691 Redesign mediaDevices.enumerateDevices() API -- Core WebRTC
1233846 WebSpeech API mustn't allow fingerprinting -- Core Web Speech [fingerprinting]
1308340 checkbox in about:preferences#privacy for privacy.resistFingerprinting (Tor 20244.1) -- Firefox Preferences Arthur Edelstein [:arthuredelstein] [tor][fingerprinting]
1314443 Change --disable-webrtc into a preference P3 Core WebRTC Jonathan Hao [:jhao] [tor][fingerprinting]
1314448 Create a build target that adds --disable-webrtc to the mozconfig -- Release Engineering General Automation [tor][tor-testing][fingerprinting]
1315203 XSHM: Cross Site History Manipulation (information leakage) P3 Core Document Navigation [fingerprinting]
1325874 Consider seperating page content history for userContextId P3 Core DOM: Security [fingerprinting][domsecurity-backlog2][userContextId]
1330876 use properly contrasting colors if the desktop theme specifies white on black for text colors -- Core GFX: Color Management [tor 6786][fingerprinting] gfx-noted
1330882 When privacy.resistFingerprinting = true, set new windows to rounded dimensions -- Core XUL [tor 19459][fingerprinting]
1330890 Use UTC timezone when privacy.resistFingerprinting = true -- Core General [tor 16622][fingerprinting]
1330892 <isindex> leaks user locale -- Core HTML: Parser [tor 18914][fingerprinting]

27 Total; 26 Open (96.3%); 1 Resolved (3.7%); 0 Verified (0%);