Opened 6 years ago

Closed 6 years ago

#11433 closed defect (duplicate)

window.sidebar.addSearchEngine leaks installation paths on OSX and Windows.

Reported by: arthuredelstein Owned by: mikeperry
Priority: High Milestone:
Component: Firefox Patch Issues Version:
Severity: Keywords: tbb-fingerprinting
Cc: gk Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


Previously reported as part of #9308. Open ESR-24-based TBB on Windows or Mac, start the Web Console, and enter the line

window.sidebar.addSearchEngine("http://", "http://", null, null);

The resulting Exception reads

[Exception... "addEngine: Error adding engine:
[Exception... "Component returned failure code: 0x804b000a (NS_ERROR_MALFORMED_URI) [nsIIOService.newChannelFromURI]"  nsresult: "0x804b000a (NS_ERROR_MALFORMED_URI)"  location: "JS frame :: jar:file:///Applications/!/components/nsSearchService.js :: SRCH_ENG_initFromURI :: line 1201"  data: no]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: jar:file:///Applications/!/components/nsSearchService.js :: FAIL :: line 264"  data: no]

which includes the path


Depending on where TBB is installed, the path may include the User directory and thus may leak private information to client-side JS web code.

Note that this bug no longer obtains in ESR-31. The bug that fixed this was

"Port window.sidebar and window.external to WebIDL", ​

patch: ​

Child Tickets

Change History (2)

comment:1 Changed 6 years ago by gk

Cc: gk added

comment:2 Changed 6 years ago by mikeperry

Resolution: duplicate
Status: newclosed

Calling this a dup of #9308 for simplicity. I updated the title in #9308 to be more general.

Note: See TracTickets for help on using tickets.