Opened 6 months ago

Closed 5 months ago

#28371 closed defect (duplicate)

verify that speculative connect on mousedown does not violate FPI

Reported by: mcs
Owned by: tbb-team
Priority: Medium
Milestone:
Component: Applications/Tor Browser
Version:
Severity: Normal
Keywords: tbb-linkability, ff60-esr
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

In Firefox 55, Firefox added code to speculatively connect when a user mousedowns over a link. We should verify that the early connection does not bypass first party isolation (if it does, it seems like we would have noticed by now... but we should double-check).

See https://bugzilla.mozilla.org/show_bug.cgi?id=1348278

Change History (3)

comment:1 Changed 5 months ago by tom

This should be fine. It speculatively connects passing NodePrincipal() which contains OriginAttributes.

comment:2 Changed 5 months ago by onvisibilitychange

#22162 ;)

comment:3 in reply to:  2 Changed 5 months ago by mcs

Resolution: duplicate
Status: new → closed

Replying to onvisibilitychange:

> #22162 ;)

Thanks! Resolving this ticket as a duplicate.
