Opened 7 months ago

Last modified 5 months ago

#33855 assigned defect

Don't use site's icon as window icon in Windows when in private browsing mode

Reported by: pospeselr Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: #33534 Points:
Reviewer: Sponsor: Sponsor58

Description (last modified by gk)

When the browser is in site-specific browser mode the app browser icon is set to the website's favicon. This icon presumably is cached somewhere by the operating system, so we should not expose the icon in this fashion when in private browsing mode.

This mode can be accessed when:

  • browser.ssb.enabled = true

Relevant ticket:

Child Tickets

Change History (6)

comment:1 Changed 7 months ago by pospeselr

Parent ID: #33534

comment:2 Changed 5 months ago by mcs

This is only an issue if someone flips the hidden pref browser.ssb.enabled to true. The tracking bug for the site-specific browsing feature is:

If we are worried about someone playing with this loaded gun we could stub out the applyOSIntegration() function in browser/components/ssb/WindowsSupport.jsm but it seems okay to ignore this for now.

comment:3 Changed 5 months ago by mcs

Status: assignedneeds_information

sysrqb or gk, what are your thoughts r.e. comment:2?

comment:4 Changed 5 months ago by gk

Description: modified (diff)

comment:5 in reply to:  3 Changed 5 months ago by gk

Status: needs_informationassigned

Replying to mcs:

sysrqb or gk, what are your thoughts r.e. comment:2?

Yes, I agree with that. We currently have bigger fish to fry than stubbing out a disabled feature like that. I guess what we can do for now, though, is setting the pref explicitly to false in our prefs file.

That said I wonder why this is actually an issue for us at all, given that Mozilla likely does not want to reveal any local caching done outside of PBM which is then used for that feature in PBM. I feel this is either a non-issue (I have not looked at the code) or something upstream wants to address, too, without stubbing out the function. (If the latter is the case we should file an upstream bug I think)

comment:6 Changed 5 months ago by mcs

The current implementation does not appear to account for PBM. Kathy and I found this bug which is related:

We will create a patch to set browser.ssb.enabled to false.

Note: See TracTickets for help on using tickets.