Opened 7 weeks ago
Last modified 5 weeks ago
#32287 needs_information defect
bookmark save a screenshoot for bookmarked page?
Reported by: | rexkzhfbhgyc | Owned by: | tbb-team |
---|---|---|---|
Priority: | Medium | Milestone: | |
Component: | Applications/Tor Browser | Version: | |
Severity: | Normal | Keywords: | tbb-9.0-issues |
Cc: | Actual Points: | ||
Parent ID: | Points: | ||
Reviewer: | Sponsor: |
Description
I think this is a dangerous thing because it expose my page screenshot as exactly what I seen.
TBB version:9.0 (based on Mozilla Firefox 68.2.0esr) (32-bit)
Platform:Linux
Child Tickets
Attachments (1)
Change History (6)
comment:1 Changed 6 weeks ago by
Changed 6 weeks ago by
Attachment: | bookmarking.png added |
---|
I don't see this (temp? memeory only?) thumb being stored anywhere in the profile, although places-sqlite-wal grew massively after the fact
comment:2 Changed 6 weeks ago by
Keywords: | tbb-9.0-issues added |
---|
We should figure out whether that's an actual issue in Tor Browser. Maybe the screenshot is just shown when the page is bookmarked?
comment:3 Changed 6 weeks ago by
Did a quick dig: the bookmarking confirmation/cancel panel with favicon+screenshot landed in FF62. Here's the screenshot ticket: https://bugzilla.mozilla.org/show_bug.cgi?id=1460248
comment:4 Changed 5 weeks ago by
Status: | new → needs_information |
---|
I'm not sure this is a bug (or that we should fix it). Bookmarks are already tagged with the date they were last modified. We can go down the rabbit-hole of scrubbing all timestamps associated with bookmarks and any other information that may indicate when the bookmark was created/updated - but that is a much larger issue.
comment:5 Changed 5 weeks ago by
I don't think the concern is metadata: it's the actual content of the thumbnail may reveal something unintentional (e.g your user name on the site: e.g if I bookmarked this page, it says "logged in as Thorin"). If the thumbnail in the confirmation/cancel dialog is memory only, then I think we're good.
I'm can't post one screenshot for security reason.
I found out one similar(maybe same) question:https://support.mozilla.org/en-US/questions/1232360
But the solution just focus on hide such screenshot in UI rather than avoid leak such screenshot to disk(if any).