Security/FirstPartyIsolation


First Party Isolation - P1 (Target as Fx53 Aurora - 2017/1/23)

No results.

0 Total; 0 Open (0%); 0 Resolved (0%); 0 Verified (0%);


First Party Isolation - P2 (Target as Fx54 Aurora - 2017/3/6 ESR 52.0)

| ID | Summary | Assigned to | Depends on | Whiteboard |
|---|---|---|---|---|
| 444222 | window.name can be used as an XSS attack vector | | 454850 | [tor][tor-standalone][tor 16620][domsecurity-backlog1] |
| 1315205 | [META] QA bugs of First Party Isolation | | 1316019, 1319728, 1319761, 1319767, 1319839, 1336458, 1363952, 1379706, 1384657, 1459620, 1460428, 1475124, 1309800, 1309816, 1313627, 1315907, 1316536, 1317231, 1319756, 1319773, 1336439, 1336440, 1336441, 1336442, 1336460, 1336461, 1336462, 1336463, 1336464, 1336465, 1336466, 1459518 | [tor][domsecurity-meta] |
| 1330467 | When "privacy.firstparty.isolate" is true, double-key permissions to origin + firstPartyDomain | Arthur Edelstein (Tor Browser dev) [:arthuredelstein] | | [tor 21569][domsecurity-backlog2] |
| 1337868 | Add Origin Attribute connection isolation tests for HTTP2, TLS, and WebSockets | | | [OA-testing][tor-testing][domsecurity-backlog1] |
| 1357346 | [META] QA bugs of First Party Isolation on Fennec | | 1319728, 1363952, 1376766, 1376767, 1378150, 1378775, 1378815, 1379140, 1379141, 1319756, 1360142, 1360145, 1376769 | [tor][domsecurity-meta] |

5 Total; 5 Open (100%); 0 Resolved (0%); 0 Verified (0%);


First Party Isolation - P3~P5

| ID | Summary | Priority | Assigned to | Depends on | Whiteboard |
|---|---|---|---|---|---|
| 1319346 | WebChannel doesn't work in a container tab | P3 | | | [domsecurity-backlog2][OA][userContextId][tor] |
| 1321158 | Investigate if window.open() inheriting firstPartyDomain resolves breakage | P5 | | | [tor][domsecurity-backlog1] |
| 1371651 | about:cache does not show entries when `privacy.firstparty.isolate` is set to `true` | P3 | | | [tor][necko-backlog] |
| 1384657 | Pocket doesn't work with privacy.firstparty.isolate set to true | P3 | | | [tor] |
| 1398414 | Key :visited per origin (first-party-isolation for :visited). | P3 | | | [tor] |
| 1475811 | Entering URLs in address bar violates FPI | P5 | | | [tor 26353] |
| 1492607 | Prevent postMessage communication across first-party when restrict_opener_access = true | P3 | Tim Huang[:timhuang] | | [domsecurity-backlog1] |
| 1494327 | Allow Popups For This Site is not keyed by OriginAttributes | P3 | | 1330467 | [tor] |
| 1495241 | Verify ServiceWorker is isolated by first party domain | P3 | | | [tor][domsecurity-backlog1] |

9 Total; 9 Open (100%); 0 Resolved (0%); 0 Verified (0%);


First Party Isolation - QA Bugs

| ID | Summary | Priority | Assigned to | Depends on | Whiteboard |
|---|---|---|---|---|---|
| 1316019 | [FirstPartyIsolation] Failed to sign in to the pixnet.net | P3 | | | [tor][domsecurity-active] |
| 1319728 | Fx with FPI feature wrongly displays that sign-in on youtube has failed even though it did not | P3 | | | [tor][domsecurity-active] |
| 1319761 | Login on pinterest using facebook social network not working on Fx with FPI | P3 | | | [tor] [domsecurity-backlog1][platform-rel-Facebook] |
| 1319767 | Unable to login on imgur using Google+ on Fx with FPI | P3 | | | [tor][domsecurity-backlog1] |
| 1319839 | [FirstPartyIsolation] If you sign in to Gmail, you'll be automatically signed in when you visit YouTube | P3 | | | [tor][domsecurity-backlog1] |
| 1336458 | [FirstPartyIsolation] Unable to login using Facebook on As.com | P3 | | 1319773 | [tor][domsecurity-backlog2] |
| 1363952 | The counter isn't updated after tapping the Like button in "ltn.com.tw" website | P3 | | | [tor][domsecurity-meta] |
| 1379706 | [FirstPartyIsolation] Can't log into crash-stats.mozilla.com (Socorro) with Google account | P3 | | | [domsecurity-backlog1] |
| 1384657 | Pocket doesn't work with privacy.firstparty.isolate set to true | P3 | | | [tor] |
| 1459620 | First party isolation breaks sign in on airnewzealand.com | P3 | | | [domsecurity-backlog1] |
| 1460428 | First-party isolation breaks the orange factor graph on Bugzilla | P3 | | | [domsecurity-backlog1] |

11 Total; 11 Open (100%); 0 Resolved (0%); 0 Verified (0%);


First Party Isolation - Target as Fx53 Nightly

| ID | Summary | Assigned to | Depends on | Whiteboard |
|---|---|---|---|---|
| 1115712 | make DataStorage for HPKP and HSTS enumerable via xpcom | Jonathan Hao (inactive) [:jhao] | 775370 | [psm-assigned] |
| 1260931 | Add 1st party isolation pref and OriginAttribute. | Yoshi Huang [:allstars.chh], Inactive | 1264231, 1291652, 1300182, 1301274, 1301768, 1301778, 1470156 | [tor], [domsecurity-active][ETA 9/12][tor 13742] |
| 1264562 | Isolate OCSP cache by first party domain. (Tor 13670.2) | Jonathan Hao (inactive) [:jhao] | 1289319, 1313491 | [tor][tor-testing][OA-testing][domsecurity-active][ETA 11/7] |
| 1264571 | Add a test case of isolating Broadcast Channels for first party. (Tor 16300) | Tim Huang[:timhuang] | 1260931 | [tor-testing][domsecurity-active][ETA 10/10] |
| 1264577 | Tests for first-party isolation of cache (Tor 13749) | Tim Huang[:timhuang] | 1315579, 1289319, 1304219 | [tor-testing][OA-testing][domsecurity-backlog1][ETA 10/10] |
| 1264595 | test isolation by mediaSource URI by first party domain (Tor 15703) | Jonathan Hao (inactive) [:jhao] | 1289319 | [tor-testing][OA-testing][domsecurity-backlog1] |
| 1268726 | isolate shared worker by first party domain (Tor 15564) | Dave Huseby [:huseby] | | [tor][domsecurity-active][ETA 10/10][OA] |
| 1270680 | image cache should respect originAttributes | Jonathan Hao (inactive) [:jhao] | 1279519, 1280948 | [OA][userContextId][domsecurity-active][tor] |
| 1277803 | Make the loading of favicon through the XUL:image uses the correct originAttributes | Tim Huang[:timhuang] | 1310092, 1311237, 1319908, 1351084 | [OA][userContextId][domsecurity-active][tor][tor 13670.1] |
| 1289319 | Add a test framework for the first party isolation tests. | Tim Huang[:timhuang] | | [tor-testing][OA-testing][domsecurity-active] |
| 1294866 | Make the loading of favicon during SessionRestore use the correct originAttributes | Tim Huang[:timhuang] | | [OA][domsecurity-active] |
| 1301523 | Add a test that checks HTTP auth is isolated by first party domain (Tor 13900) | Jonathan Hao (inactive) [:jhao] | 1308679 | [tor-testing][OA-testing][necko-next] |
| 1304219 | Ensure link rel=preconnect requests are isolated by origin attributes (Tor 16998) | Tim Huang[:timhuang] | 1316683 | [tor-testing][necko-backlog][OA-testing] |
| 1312541 | Test first-party isolation of cookies | Arthur Edelstein (Tor Browser dev) [:arthuredelstein] | | [tor][domsecurity-active] |
| 1312794 | Annotate OCSP requests by first party domain. (Tor 13670.2) | Jonathan Hao (inactive) [:jhao] | 1264562 | [tor][domsecurity-active] |
| 1312954 | Making the network predictor obey originAttributes and updating SpeculativeConnect() to SpeculativeConnect2(). | Tim Huang[:timhuang] | 1304219, 1441445 | [tor] [domsecurity-active][OA] |
| 1315723 | Intermittent browser/components/originattributes/test/browser/browser_cache.js \| Test timed out - | Tim Huang[:timhuang] | | [domsecurity-intermittent][tor][OA] |
| 1316283 | Isolate SSL session cache by origin attributes | Jonathan Hao (inactive) [:jhao] | 1315143 | [OA][tor] |
| 1317927 | Media caching needs to use origin attributes | Andrea Marchesini [:baku] | | [OA][tor][domsecurity-active] |
| 1334690 | Isolate AlternateService mappings by Origin Attributes | Jonathan Hao (inactive) [:jhao] | | [tor][necko-would-take][OA] |
| 1334693 | Investigate and isolate SPDY/HTTP2 state by first-party domain when privacy.firstparty.isolate = true | Jonathan Hao (inactive) [:jhao] | 1337868, 1334690, 1337893 | [tor][necko-would-take][OA] |
| 1473247 | Making the firstPartyDomain honors IP addresses | Tim Huang[:timhuang] | | [domsecurity-active] |

22 Total; 22 Open (100%); 0 Resolved (0%); 0 Verified (0%);


First Party Isolation - QA Bugs Fixed

| ID | Summary | Priority | Assigned to | Depends on | Whiteboard | Status | Resolution |
|---|---|---|---|---|---|---|---|
| 1309800 | The firstPartyDomain should be blogger.com, not google.com (Enter "blogger.com" in Url bar) | P3 | Jonathan Hao (inactive) [:jhao] | | [tor][domsecurity-active] | RESOLVED | INVALID |
| 1309816 | Some firstPartyDomains are empty | P3 | Cynthia Tang [:cynthiatang] | 1312954 | [tor][domsecurity-active] | RESOLVED | DUPLICATE |
| 1313627 | [FirstPartyIsolation] Failed to sign in to the Baidu | P1 | Tim Huang[:timhuang] | | [tor][domsecurity-active] | VERIFIED | FIXED |
| 1315907 | [FirstPartyIsolation] Failed to sign in to the hao123.com | P1 | | | [tor][domsecurity-active] | RESOLVED | DUPLICATE |
| 1316536 | [FirstPartyIsolation] The publishing window will not disappear after clicking on "Publish" to publish news to your Facebook Wall | P3 | Tim Huang[:timhuang] | | [tor][domsecurity-active][platform-rel-Facebook] | RESOLVED | DUPLICATE |
| 1317231 | [FirstPartyIsolation] Failed to sign in to the 360.com | -- | | | [tor][domsecurity-active] | RESOLVED | INVALID |
| 1319756 | Login on Instagram using facebook social network stuck on Fx with FPI | P3 | | | [tor][domsecurity-backlog1] | RESOLVED | WORKSFORME |
| 1319773 | Issues signing in on Soundcloud using Firefox with FPI | P1 | Tim Huang[:timhuang] | 1339213, 1339336 | [tor][domsecurity-active] | VERIFIED | FIXED |
| 1336439 | [FirstPartyIsolation] MSN articles can't be shared via Facebook | P3 | | 1319773 | [tor][domsecurity-backlog2] | RESOLVED | WORKSFORME |
| 1336440 | [FirstPartyIsolation] Ebay-kleinanzeigen.de items can't be shared via Facebook | P3 | | 1319773 | [tor][domsecurity-backlog2] | RESOLVED | WORKSFORME |
| 1336441 | [FirstPartyIsolation] Sabq.org items can't be shared via Facebook | P3 | | 1319773 | [tor][domsecurity-backlog2] | RESOLVED | WORKSFORME |
| 1336442 | [FirstPartyIsolation] Onedio.com items can't be shared via Facebook | P3 | | 1319773 | [tor][domsecurity-backlog2] | RESOLVED | WORKSFORME |
| 1336460 | [FirstPartyIsolation] Unable to login using Facebook on Twitch.tv | P3 | | 1319773 | [domsecurity-backlog2][tor] | RESOLVED | WORKSFORME |
| 1336461 | [FirstPartyIsolation] Unable to login using Facebook on Adf.ly | P3 | | 1319773 | [tor][domsecurity-backlog2] | RESOLVED | WORKSFORME |
| 1336462 | [FirstPartyIsolation] Unable to login using Facebook on Wikia.com | P3 | | 1319773 | [tor][domsecurity-backlog2] | RESOLVED | WORKSFORME |
| 1336463 | [FirstPartyIsolation] Unable to login using Facebook on Espn.com | P3 | | 1319773 | [tor][domsecurity-backlog2] | RESOLVED | WORKSFORME |
| 1336464 | [FirstPartyIsolation] Unable to login using Facebook on Dailymotion.com | P3 | | 1319773 | [tor][domsecurity-backlog2] | RESOLVED | WORKSFORME |
| 1336465 | [FirstPartyIsolation] Unable to login using Facebook on Sabah.com.tr | P3 | | 1319773 | [tor][domsecurity-backlog2] | RESOLVED | WORKSFORME |
| 1336466 | [FirstPartyIsolation] Facebook pop-up does not close after entering credentials on Cdiscount.com | P3 | | 1319773 | [tor][domsecurity-backlog2] | RESOLVED | WORKSFORME |
| 1459518 | Login into youtube.com with first party isolation shows an error message even though a second login attempt succeeds | -- | | | | RESOLVED | DUPLICATE |

20 Total; 0 Open (0%); 18 Resolved (90%); 2 Verified (10%);


First Party Isolation - FIXED

| ID | Summary | Priority | Assigned to | Depends on | Whiteboard |
|---|---|---|---|---|---|
| 1115712 | make DataStorage for HPKP and HSTS enumerable via xpcom | P1 | Jonathan Hao (inactive) [:jhao] | 775370 | [psm-assigned] |
| 1260931 | Add 1st party isolation pref and OriginAttribute. | P1 | Yoshi Huang [:allstars.chh], Inactive | 1264231, 1291652, 1300182, 1301274, 1301768, 1301778, 1470156 | [tor], [domsecurity-active][ETA 9/12][tor 13742] |
| 1264562 | Isolate OCSP cache by first party domain. (Tor 13670.2) | P1 | Jonathan Hao (inactive) [:jhao] | 1289319, 1313491 | [tor][tor-testing][OA-testing][domsecurity-active][ETA 11/7] |
| 1264567 | Tests for first party isolation of localStorage (Tor 13749.1) | P2 | Jonathan Hao (inactive) [:jhao] | 1289319 | [tor-testing][OA-testing][domsecurity-active][ETA 10/10] |
| 1264571 | Add a test case of isolating Broadcast Channels for first party. (Tor 16300) | P1 | Tim Huang[:timhuang] | 1260931 | [tor-testing][domsecurity-active][ETA 10/10] |
| 1264572 | Test the Isolate the Image Cache per url bar domain (Tor 13749.2) | P2 | Dave Huseby [:huseby] | 1289319, 1304432 | [tor-testing][OA-testing][domsecurity-backlog1][ETA 10/10] |
| 1264573 | Regression tests for blob URL isolation (Tor 15502) | P2 | Jonathan Hao (inactive) [:jhao] | 1289319 | [tor-testing][OA-testing][domsecurity-backlog1][ETA 11/7] |
| 1264577 | Tests for first-party isolation of cache (Tor 13749) | P1 | Tim Huang[:timhuang] | 1315579, 1289319, 1304219 | [tor-testing][OA-testing][domsecurity-backlog1][ETA 10/10] |
| 1264593 | test Isolation on SharedWorker by first party domain (Tor 15564) | P2 | Tim Huang[:timhuang] | 1302566, 1305223, 1268726, 1289319, 1335678 | [tor-testing][OA-testing][domsecurity-active][ETA 10/10] |
| 1264595 | test isolation by mediaSource URI by first party domain (Tor 15703) | P1 | Jonathan Hao (inactive) [:jhao] | 1289319 | [tor-testing][OA-testing][domsecurity-backlog1] |
| 1268726 | isolate shared worker by first party domain (Tor 15564) | P1 | Dave Huseby [:huseby] | | [tor][domsecurity-active][ETA 10/10][OA] |
| 1270680 | image cache should respect originAttributes | P1 | Jonathan Hao (inactive) [:jhao] | 1279519, 1280948 | [OA][userContextId][domsecurity-active][tor] |
| 1274020 | Add a test to show that the DOM Cache is separated by origin attributes | P2 | Jonathan Hao (inactive) [:jhao] | 1195930 | [OA-testing][usercontextId][domsecurity-active][tor-testing] |
| 1277803 | Make the loading of favicon through the XUL:image uses the correct originAttributes | P1 | Tim Huang[:timhuang] | 1310092, 1311237, 1319908, 1351084 | [OA][userContextId][domsecurity-active][tor][tor 13670.1] |
| 1282655 | Add a test case to test whether site permissions are universal or isolated for each type of OriginAttribute | P2 | Jonathan Hao (inactive) [:jhao] | | [OA-testing][userContextId][domsecurity-backlog2][tor-testing] |
| 1289319 | Add a test framework for the first party isolation tests. | P1 | Tim Huang[:timhuang] | | [tor-testing][OA-testing][domsecurity-active] |
| 1290529 | clear HSTS and HPKP for subdomains as well when bug 1115712 is fixed | -- | Jonathan Hao (inactive) [:jhao] | 1115712 | |
| 1294866 | Make the loading of favicon during SessionRestore use the correct originAttributes | P1 | Tim Huang[:timhuang] | | [OA][domsecurity-active] |
| 1300182 | Intermittent browser/components/originattributes/test/browser/browser_firstPartyIsolation.js \| "KO" == "OK" - | P3 | Yoshi Huang [:allstars.chh], Inactive | | [domsecurity-intermittent][tor] |
| 1300671 | Set firstPartyDomain for about: pages | P2 | Yoshi Huang [:allstars.chh], Inactive | 1260931 | [tor][domsecurity-active] |
| 1301406 | The cookies of the top-level page are not keyed with firstPartyDomain when first party isolation is turned on in e10s mode. | P3 | Yoshi Huang [:allstars.chh], Inactive | | [tor][domsecurity-backlog1] |
| 1301523 | Add a test that checks HTTP auth is isolated by first party domain (Tor 13900) | P1 | Jonathan Hao (inactive) [:jhao] | 1308679 | [tor-testing][OA-testing][necko-next] |
| 1301617 | test for firstParty and userContextId documents with nsIPermissionManager | P3 | Jonathan Hao (inactive) [:jhao] | | [OA-testing][domsecurity-backlog1][tor-testing] |
| 1301649 | nits for firstPartyDomain in bug 1260931 | P2 | Yoshi Huang [:allstars.chh], Inactive | 1260931 | [tor], [domsecurity-backlog2] |
| 1303062 | Turn on first party isolation tests | P3 | Jonathan Hao (inactive) [:jhao] | | [tor-testing][domsecurity-active] |
| 1304219 | Ensure link rel=preconnect requests are isolated by origin attributes (Tor 16998) | P1 | Tim Huang[:timhuang] | 1316683 | [tor-testing][necko-backlog][OA-testing] |
| 1311237 | Intermittent browser/components/originattributes/test/browser/browser_favicon_firstParty.js \| The favicon image should be loaded through network. - Got http-on-examine-cached-response, expected http-on-examine-response, Test timed out, Found a tab | P2 | Tim Huang[:timhuang] | | [OA][domsecurity-intermittent][tor] |
| 1312541 | Test first-party isolation of cookies | P1 | Arthur Edelstein (Tor Browser dev) [:arthuredelstein] | | [tor][domsecurity-active] |
| 1312794 | Annotate OCSP requests by first party domain. (Tor 13670.2) | P1 | Jonathan Hao (inactive) [:jhao] | 1264562 | [tor][domsecurity-active] |
| 1312954 | Making the network predictor obey originAttributes and updating SpeculativeConnect() to SpeculativeConnect2(). | P1 | Tim Huang[:timhuang] | 1304219, 1441445 | [tor] [domsecurity-active][OA] |
| 1315602 | Remove the assertion of FirstPartyDomain should be empty in HTTP redirect | -- | Yoshi Huang [:allstars.chh], Inactive | | [tor][domsecurity-active] |
| 1315723 | Intermittent browser/components/originattributes/test/browser/browser_cache.js \| Test timed out - | P1 | Tim Huang[:timhuang] | | [domsecurity-intermittent][tor][OA] |
| 1315927 | ignore firstPartyDomain and userContextId in PermissionStatus | P2 | Yoshi Huang [:allstars.chh], Inactive | | [tor][domsecurity-active] |
| 1316283 | Isolate SSL session cache by origin attributes | P1 | Jonathan Hao (inactive) [:jhao] | 1315143 | [OA][tor] |
| 1317927 | Media caching needs to use origin attributes | P1 | Andrea Marchesini [:baku] | | [OA][tor][domsecurity-active] |
| 1323644 | Isolate the HSTS and HPKP cache by first party domain. | P2 | Jonathan Hao (inactive) [:jhao] | 1342178, 1290529, 1336867 | [tor][tor 17965][necko-would-take][OA] |
| 1334468 | Crash in mozilla::OriginAttributes::CreateSuffix when entering ',s."' in url bar with privacy.firstparty.isolate=true | -- | Jonathan Hao (inactive) [:jhao] | 1337629 | |
| 1334690 | Isolate AlternateService mappings by Origin Attributes | P1 | Jonathan Hao (inactive) [:jhao] | | [tor][necko-would-take][OA] |
| 1334693 | Investigate and isolate SPDY/HTTP2 state by first-party domain when privacy.firstparty.isolate = true | P1 | Jonathan Hao (inactive) [:jhao] | 1337868, 1334690, 1337893 | [tor][necko-would-take][OA] |
| 1336867 | Remove unsafeProcessHeader and isSecureHost in nsISiteSecurityService | -- | Jonathan Hao (inactive) [:jhao] | 1345612 | |
| 1337629 | Add more restrictions to the host parser | -- | Valentin Gosu [:valentin] | 1355487 | [necko-active] |
| 1340949 | The Sync "Manage Account" link doesn't work properly with First-Party Isolation | P3 | | 1323853 | |
| 1344170 | set firstPartyDomain for blob: URI | P2 | Yoshi Huang [:allstars.chh], Inactive | | [tor][domsecurity-active] |
| 1376971 | Isolate Page Info media previews to content first party | P3 | Yoshi Huang [:allstars.chh], Inactive | 1403365, 1405195, 1407498 | [tor][tor 22327][OA][userContextId][domsecurity-backlog1] |
| 1376973 | The favicon of tabs dropdown list does not honor originAttributes. | P2 | Tim Huang[:timhuang] | | [tor][tor 22452][OA][userContextId][domsecurity-active] |
| 1381197 | browser.cookies fails to get/remove cookies by domain/url when privacy.firstparty.isolate = true | P3 | Chung-Sheng Fu [:cfu] | | [OA] |
| 1473247 | Making the firstPartyDomain honors IP addresses | P1 | Tim Huang[:timhuang] | | [domsecurity-active] |

47 Total; 47 Open (100%); 0 Resolved (0%); 0 Verified (0%);

