Security/Fusion/Dashboard: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
(Add a section for closed bugs)
(Add links to dashboards.)
Line 1: Line 1:
== Dashboards ==
* [https://wiki.mozilla.org/Security/Fusion/Dashboard/Tor_Uplift '''Tor Uplift''']
* [https://wiki.mozilla.org/Security/Fusion/Dashboard/First_Party_Isolation '''First Party Isolation''']
* [https://wiki.mozilla.org/Security/Fusion/Dashboard/Fingerprinting '''Fingerprinting''']
== Bug Tracking ==
== Bug Tracking ==
Fingerprinting MVP bugs are tracked under the meta bug: <br>
Fingerprinting MVP bugs are tracked under the meta bug: <br>

Revision as of 15:54, 14 November 2018

Dashboards

Bug Tracking

Fingerprinting MVP bugs are tracked under the meta bug:
bug 1329996 - [META] Support anti-fingerprinting protection

Whiteboard Definition

  • [fingerprinting]: Fingerprinting bugs
  • [fp-breakage]: Breakage issues caused by fingerprinting resistance
  • [fp-triaged]: Already triaged
  • [fp-backlog]: Backlog bugs

Fingerprinting Bugs

Open P1 Bugs (We are actively working on them)

No results.

0 Total; 0 Open (0%); 0 Resolved (0%); 0 Verified (0%);


Open P2 Bugs (Important. We will work on them ASAP)

Full Query
ID Summary Priority Status Assigned to Whiteboard
1041818 take steps to mitigate canvas fingerprinting P2 NEW [fingerprinting][tor][fp-triaged]
1329996 [META] Tor Uplift: Fingerprinting Resistance P2 NEW [tor][fingerprinting][domsecurity-meta][fp-triaged]
1397996 scrollbar thickness reveals platform P2 NEW [tor][fingerprinting][fp-triaged][tor 22137]
1414311 New window size is different than expected after changing screen dpi (with privacy.resistFingerprinting pref enabled) P2 NEW [fingerprinting][fp-triaged][tor 30970]
1485249 WebGL extensions should be disabled when private.resistFingerprinting is enabled P2 NEW [tor 6370][gfx-noted][fingerprinting][fp-triaged]
1502831 Use software rendering to mitigate canvas fingerprinting while privacy.resistFingerprinting=True P2 REOPENED [fingerprinting][fp-triaged]
1522517 [meta] Unify software rendering settings while privacy.resistFingerprinting=True P2 NEW [fingerprinting][fp-triaged]
1522528 Disable anialiasing while privacy.resistFingerprinting=True P2 NEW [fingerprinting][fp-triaged]

8 Total; 8 Open (100%); 0 Resolved (0%); 0 Verified (0%);


P3-P5 Bugs (Backlog)

Full Query
ID Summary Priority Status Assigned to Whiteboard
1445310 Clamp and Jitter Timestamps in CSS Animations P3 NEW Brian Birtles (:birtles) [fingerprinting][fp-triaged]
1422862 Make OffscreenCanvas respect Canvas Permission Prompt so you don't always get a placeholder P3 ASSIGNED Fatih Kilic [:fkilic] [fingerprinting][gfx-noted][fp-triaged][fpp:m8]
1152448 "Forget About This Site" does not forget site's enumerateDevices Ids P3 ASSIGNED Jan-Ivar Bruaroey [:jib] (needinfo? me) [fingerprinting][fp-triaged]
1439784 Fix the KeyboardEvent mochitests P3 NEW [tor][fingerprinting][fp-triaged]
1447011 Permit setting HSTS entries only on the host name or the eTLD+1 P3 NEW [fingerprinting][psm-backlog][fp-triaged]
1356383 Add Telemetry for Gamepad API P3 REOPENED [fingerprinting][fp-triaged]
1330882 When privacy.resistFingerprinting = true, set new windows to rounded dimensions [tor 19459] P3 REOPENED [fingerprinting][tor][fp-triaged]
1233846 WebSpeech Synthesis API mustn't allow fingerprinting P3 NEW [fingerprinting][tor 10283][fp-triaged]
1315203 XSHM: Cross Site History Manipulation (information leakage) P3 NEW [fingerprinting][fp-triaged]
1325874 Consider seperating page content history for userContextId P3 NEW [fingerprinting][fp-triaged][domsecurity-backlog2][userContextId]
1336208 Bundle and whitelist fonts when privacy.resistFingerprinting = true P3 NEW [fingerprinting][gfx-noted][fp-triaged]
1356381 [META] Add Telemetry and Perform Experiments to measure breakage/impact of Anti-Fingerprinting Patches P3 NEW [domsecurity-meta] [fingerprinting][fp-triaged]
1940296 Vsync is enabled on Wayland when RFP is on and leaks the monitor refresh rate P3 NEW [fingerprinting]
1372288 [meta] WebExtensions can be used as user fingerprint P3 NEW [fingerprinting][fp-triaged]
1383656 Tweak and analyze the value and find out an appropriate way to generate the padding size for opaque response P3 NEW [fingerprinting] [fxprivacy] [fp-triaged]
1394448 Cannot install Addon with privacy.resistFingerprinting==true P3 NEW [fp-triaged][domsecurity-backlog1][fingerprinting]
1401493 Perform Fingerprint Comparison of Tor Browser and Firefox P3 NEW [tor][fingerprinting][fp-triaged]
1772039 Enabling privacy.resistFingerprinting causes the zoom cameras/screens to be a black screen. P3 NEW [fingerprinting][domsecurity-backlog3]
1405971 Webextension UUID leak to servers via Fetch request headers P3 NEW [fingerprinting][fp-triaged]
1409974 KeyboardEvent.location could be used as a user behavior fingerprinting vector. P3 NEW [fingerprinting][fp-triaged]
1412814 privacy.resistFingerprinting should do something smarter about system metric media queries. P3 NEW [gfx-noted][fingerprinting][fp-triaged]
1722181 Math Fingerprinting via Polyfills P3 NEW [fingerprinting]
1420653 DeviceId is persisted even if cookies are disabled, allowing persistent fingerprint P3 NEW [fingerprinting][fp-triaged]
1420809 Permissions that are perpetually denied should not return Reject immediately P3 NEW [fingerprinting][fp-triaged]
1422482 OS username disclosure using downloads manager P3 NEW [fingerprinting][tor]
1422890 Add additional Canvas Fingerprinting Tests P3 NEW [fingerprinting][gfx-noted][fp-triaged]
1717671 Avoid the use of a persistent UUID in the public base URL of extensions P3 NEW [mv3-future][sp3][fingerprinting]
1636005 Default submit button label length allows browser language fingerprinting P3 NEW [reporter-external] [client-bounty-form] [verif?][fingerprinting][domsecurity-backlog1]
1429097 Pause execution when Canvas Permission Prompt is displayed P3 NEW [fingerprinting][gfx-noted][fp-triaged]
1429519 Add a canvas-imagedata permission P3 NEW [fingerprinting][gfx-noted][fp-triaged]
1429648 Add tests that handle timer rounding P3 NEW [fingerprinting][fp-triaged]
1429865 Allow managing canvas permissions in about:preferences when resistFingerprinting is on P3 NEW [gfx-noted][fingerprinting][fp-triaged]
1581453 Resist Fingerprinting retriggers Bug 402089 - nsDOMUIEvent should cache coordinates when DuplicatePrivateData is called P3 NEW [fingerprinting]
1562290 Need a mechanism to limit gyroscope data leakage for fingerprinting P3 NEW [fingerprinting]
1617872 Consider making IsResistFingerprintingEnabled affect shared memory P3 NEW [fingerprinting][domsecurity-backlog1]
1450398 [meta] Resist Fingerprinting Mode should allow finer control of applicability P3 NEW [fingerprinting][fp-triaged][fpp:m?]
1450401 mozFullScreen leaks exact screen resolution P3 NEW [fingerprinting][fp-triaged]
1466148 WebRTC leaks internal addresses even when camera/mic permissions are not granted P3 NEW [fingerprinting][fp-triaged]
1470592 macOS 10.14 Camera/Mic Permissions granted in Private Browsing Mode shouldn't persist P3 NEW [tor][fingerprinting][fp-triaged]
1472808 For privacy.resistFingerprinting, spoof Keyboard Layout according to content locale P3 NEW [tor][fingerprinting][fp-triaged]
1475973 browser/components/resistfingerprinting/test/browser/browser_roundedWindow_open_* and browser/components/resistfingerprinting/test/browser/browser_roundedWindow_windowSetting_* fail on Windows install with 150% dpi P3 NEW [tor][fingerprinting][fp-triaged]
1485258 When privacy.spoof_english is true, don't reveal locale by charset fallback P3 NEW [tor 20025][fingerprinting][fp-triaged]
1490728 Improve discoverability/explanation of RFP P3 NEW [tor][fingerprinting][domsecurity-backlog1][fp-triaged]
1507517 [META] Breakage from Fingerprinting Resistance P3 NEW [fingerprinting][fp-triaged][domsecurity-backlog1]
1507879 Investigate getClientRects for fingerprinting P3 NEW [tor 29564][fingerprinting][fp-triaged]
1532859 Non-integer devicePixelRatio's cause blurriness with RFPTarget::WindowDevicePixelRatio P3 NEW [domsecurity-backlog1][tor][fingerprinting][fp-triaged][fpp:m?]
1538718 Account for Display Scaling when rendering P3 NEW [fingerprinting]
1542676 Round subpixel accuracy of window properties to integers when resistfingerprinting is enabled P3 NEW [tor 26607][fingerprinting]
1591337 RFP screen spoofs: step common spoofs based on inner window P3 ASSIGNED Pier Angelo Vendrame [fingerprinting]
1314443 Audit the existing disable WebRTC preferences and ensure they work as advertised P3 ASSIGNED Tom Ritter [:tjr] [tor][fingerprinting][tor-mobile][fp-triaged]
1579584 Have window.outerHeight/outerWidth lie and report the innerHeight/innerWidth P3 NEW Tom Ritter [:tjr] [fingerprinting][fpp:future]
1449732 Do not expose Local IP Address in Resist Fingerprinting Mode P5 REOPENED [fingerprinting][fp-triaged]
1428033 Apply Resist Fingerprinting Protection to WebGL P5 NEW [fingerprinting][gfx-noted][fp-triaged]
1426232 Consider a Timezone Permission for Resist Fingerprinting P5 NEW [fingerprinting][fp-triaged]
1414162 Investigate and improve privacy.resistFingerprinting handling when toggled on mid-session P5 NEW [fingerprinting][fp-triaged]
1403747 When privacy.resistFingerprinting is true, warn users not to maximize their window P5 NEW [tor][fingerprinting][fp-triaged]
1928095 x86/x86_64 architecture are exposed through sign bit on NaN arithmetic P5 NEW [fingerprinting]
1362184 Add Telemetry for IndexedDB P5 NEW [fingerprinting][fp-triaged]
572650 [meta] Reduce the amount of data and entropy sent out in HTTP requests P5 NEW [fingerprinting][necko-would-take][fp-triaged]
1582687 Block user-installed fonts by default -- NEW [fingerprinting]
1719738 Simplify Timezone Names to Reduce Fingerprinting -- NEW [fingerprinting]
1916271 Gecko reveals sanitized GPU Characteristics; webkit and blink return hardcoded strings for all users -- NEW [client-bounty-form][fingerprinting]
959893 [meta] WebRTC Internal IP Address Leakage -- NEW [fingerprinting][fp-triaged]
503221 Locale can be determined using jar: protocol to test resource:///chrome/ entries -- NEW [fingerprinting]

64 Total; 64 Open (100%); 0 Resolved (0%); 0 Verified (0%);


Closed Bugs

Full Query
ID Summary Priority Resolution Assigned to Whiteboard
1345322 Create the preference privacy.resistFingerprinting in firefox.js P1 FIXED Ethan Tseng [:ethan] [fingerprinting][tor][fp:m1]
1333933 Disable/spoof fingerprintable features when privacy.resistFingerprinting = true P1 FIXED Arthur Edelstein [:arthur] [tor][fingerprinting][fp-backlog][fp-triaged]
1730434 FIDO2/WebAuthn privacy leak through a timing attack using silent authentications. P1 FIXED R. Martinho Fernandes [:rmf] [publication date Feb 2022][fingerprinting][post-critsmash-triage][adv-main101+][adv-esr91.10+]
1413780 Make canvas permission a first-class permission P1 FIXED Chung-Sheng Fu [:cfu] [fingerprinting]
1330876 use properly contrasting colors if the desktop theme specifies white on black for text colors [tor 6786] P1 FIXED Chung-Sheng Fu [:cfu] [fingerprinting] gfx-noted [tor][fp:m2]
1337161 Disable navigator.getGamepads() when privacy.resistFingerprinting = true P1 FIXED Chung-Sheng Fu [:cfu] [tor][fingerprinting][fp:m2]
967895 Prompt (w/ Site Permission) before allowing content to extract canvas data (Tor 6253) P1 FIXED Chung-Sheng Fu [:cfu] [tor][fingerprinting][fp:m3][ux]
1217290 Add fingerprinting resistance for WebGL (Tor 16005) P1 FIXED Chung-Sheng Fu [:cfu] [tor][tor-standalone][fingerprinting][fp:m3]
1039069 Warn the user that customizing the preferred language list (Accept-Language) can be used for fingerprinting P1 FIXED Chung-Sheng Fu [:cfu] [tor][fingerprinting][fp:m3][ux]
1360039 Spoof navigator.hardwareConcurrency = 2 when privacy.resistFingerprinting = true P1 FIXED Chris Peterson [:cpeterson] [tor 21675][fingerprinting][fp:m1]
1281963 Hide navigator.plugins and navigator.mimeTypes when resisting fingerprinting (Tor 17207) P1 FIXED Dave Huseby [:huseby] [tor][fingerprinting]
1801095 A released patch pollute every WebGL shader program with a detectable variable that can help fingerprinting Firefox >= 105 on Mac Intels P1 FIXED Kelsey Gilbert [:jgilbert] [fingerprinting][reporter-external] [client-bounty-form] [verif?]
1414153 Fingerprintable information is leaked when using "Send Tab to Device" feature P1 FIXED Lina Butler (ex-Mozilla) [fingerprinting]
1330892 <isindex> leaks user locale P1 FIXED [fingerprinting][tor][fp:m3]
1369327 Making reader view users uniform when 'privacy.resistFingerprinting' is true P1 FIXED Jonathan Hao (inactive) [:jhao] [fingerprinting][tor][fp:m2]
1217238 Reduce precision of time exposed by Javascript (Tor 1517) P1 FIXED Jonathan Hao (inactive) [:jhao] [fingerprinting][tor][fp:m1]
1304490 Build fails with --disable-webrtc P1 FIXED Randell Jesup [:jesup] (needinfo me) [tor][fingerprinting]
1372072 Neutralize the threat of fingerprinting of network information API when 'privacy.resistFingerprinting' is true P1 FIXED Tim Huang[:timhuang] [fingerprinting][tor][fp:m2]
1372069 Neutralize the threat of fingerprinting of geolocation API when 'privacy.resistFingerprinting' is true P1 FIXED Tim Huang[:timhuang] [fingerprinting][tor][fp:m2]
1369319 Disable device sensors when 'privacy.resistFingerprinting' is true P1 FIXED Tim Huang[:timhuang] [fingerprinting][tor][fp:m2]
1363508 Consider how to do Anti-fingerprinting for Pointer Events P1 FIXED Tim Huang[:timhuang] [tor 25794][fingerprinting]
1333651 Spoofing Navigator API when resisting fingerprinting is enabled P1 FIXED Tim Huang[:timhuang] [tor][fingerprinting][domsecurity-backlog1][fp:m2]
1333641 Disable WebSpeech API when privacy.resistFingerprinting is enabled P1 FIXED Tim Huang[:timhuang] [tor][fingerprinting][fp:m2]
1222285 Keyboard layout is leaked by KeyboardEvent P1 FIXED Tim Huang[:timhuang] [tor 15646][tor 17009][tor-standalone][fingerprinting][fp:m3][fp-triaged]
1330890 Use UTC timezone when privacy.resistFingerprinting = true [tor 16622] P1 FIXED Tom Ritter [:tjr] [fingerprinting][tor 16622][fp:m1][fp-triaged]
1424341 Allow independent and adjustable timer precision P1 FIXED Tom Ritter [:tjr] [fingerprinting][fp-triaged]
1418672 privacy.resistFingerprinting no longer spoofs browser version in FF59 P1 FIXED Tom Ritter [:tjr] [fingerprinting] [fp-triaged][domsecurity-backlog1]
1429647 Switch privacy.reduceTimerPrecision and privacy.resistFingerprinting to use Relaxed Semantics P1 FIXED Tom Ritter [:tjr] [fingerprinting][fp-triaged]
1430841 ReduceTimePrecision suffers from float fuzziness P1 FIXED Tom Ritter [:tjr] [fingerprinting][fp-triaged]
1409973 Make Date.toLocaleDateString and Intl.DateTimeFormat anti-fingerprintable P1 FIXED Tom Ritter [:tjr] [fingerprinting][tor][fp-triaged]
1431425 Refactor the Timer Rounding tests P1 FIXED Tom Ritter [:tjr] [fingerprinting]
1431455 Restore the 100ms timer clamping min when Resistfingerprinting is enabled P1 FIXED Tom Ritter [:tjr] [fingerprinting][fp-triaged]
467035 <!DOCTYPE> ignores contentaccessible, leaks DTD strings and therefore browser UI locale P2 FIXED Alex Catarineu (Tor Browser dev) [sg:low][fingerprinting][fp-triaged][tor 30304][adv-main70-]
1393283 privacy.resistFingerprinting should change the user agent to 52, not 50 P2 FIXED Ethan Tseng [:ethan] [tor][fingerprinting][domsecurity-active]
1396468 Spoof navigator.oscpu as 'Windows NT 6.1; Win64; x64' when resisting fingerprinting is enabled P2 FIXED Ethan Tseng [:ethan] [tor][fingerprinting][domsecurity-active]
1438795 Keyboard layout still leaked by keydown/keyup event "which" value P2 FIXED Arthur Edelstein [:arthur] [fingerprinting]
1406294 Refactor browser/components/resistfingerprinting/test/browse rounded window tests P2 FIXED Chung-Sheng Fu [:cfu] [tor][fingerprinting]
1382533 When resisting fingerprinting, don't expose local IP Addresses via mDNS P2 FIXED Chung-Sheng Fu [:cfu] [tor 22165][fingerprinting][fp:m3]
1354633 blank MediaError.message when resisting fingerprinting P2 FIXED Chung-Sheng Fu [:cfu] [tor 21792][fingerprinting][fp:m3]
1511434 privacy.resistFingerprinting: Change spoofed OS version to Windows 10 and macOS 10.14 P2 FIXED Chris Peterson [:cpeterson] [tor][fingerprinting][domsecurity-active][fp-triaged]
1408702 Resist fingerprinting causes scrollbar glitch in Firefox 58 P2 FIXED Emilio Cobos Álvarez (:emilio) [tor][fingerprinting-breakage]
1436226 Hardcode VP8/VP9 algorithm choice when resisting fingerprinting P2 FIXED Fatih Kilic [:fkilic] [tor 22548] [fingerprinting][fp-triaged]
1035774 Implement Interaction Media Features including pointer:coarse that replaces non-standard -moz-touch-enabled P2 FIXED Hiroyuki Ikezoe (:hiro) [fingerprinting][fp:m4][fp-triaged][webcompat][layout:p1]
1266495 Consider removing <isindex> from the parser and form submission [tor 18914] P2 FIXED Henri Sivonen (:hsivonen) btpp-active [tor][fingerprinting]
1381628 Provide UI to enable users to control which sites have access to their VR device configuration and sensors P2 FIXED Jonathan Kingston [:jkt] he/him [fingerprinting][fp-triaged]
1358149 Address fingerprinting issues with AudioContext P2 FIXED Karl Tomlinson (:karlt) [tor 13017][fingerprinting][fp-triaged][fpp:m5]
1511941 privacy.resistfingerprinting performance API spoofing breaks vimeo.com P2 FIXED sanketh [fingerprinting][fp-triaged][sci-exclude][domsecurity-active]
1411425 [meta] [gtk] [fission] Remove full-native theming for content (Linux NNT) P2 FIXED [fingerprinting][overhead:noted][fp-triaged]
1554751 Consider to change the spoof value of window.devicePixelRatio P2 FIXED Pier Angelo Vendrame [fingerprinting][fp-triaged][domsecurity-active]
1290481 Implement mitigations for opaque response storage in the DOM cache P2 FIXED Tom Tung [:tt, :ttung] [storage-v1][fingerprinting][adv-main57-]
1723281 Fast query of registered URL schemes through XMLHttpRequest for system fingerprinting P2 FIXED Olli Pettay [:smaug][bugs@pettay.fi] [reporter-external] [client-bounty-form][fingerprinting][necko-triaged][adv-main95+][adv-ESR91.4.0+]
1492766 Fingerprinting protection for pointerEvent.pointerid P2 FIXED Tim Huang[:timhuang] [fingerprinting][fp-triaged]
680300 Restrict discoverability of protocol handlers [Tor 1623] P2 FIXED Tim Huang[:timhuang] [fingerprinting][probing][necko-backlog][tor]
1382545 Animation API exposes high-res time stamp P2 FIXED Tim Huang[:timhuang] [tor 16337][fingerprinting][fp:m3]
1446472 privacy.resistFingerprinting is true blocks QR code (canvas) on web.whatsapp.com without any notice P2 FIXED Tim Huang[:timhuang] [fingerprinting] [gfx-noted][fp-triaged]
1407366 When privacy.resistFingerprinting=true, dynamically round content dimensions P2 FIXED Tom Ritter [:tjr] [fingerprinting][fp-triaged][tor 14429]
1447592 Don't reset privacy.spoof_english when privacy.resistFingerprinting is flipped back to false P2 FIXED Tom Ritter [:tjr] [fingerprinting-breakage]
1461454 Support Resist Fingerprinting in canPlayType and Media Capabilities APIs P2 FIXED Tom Ritter [:tjr] [tor 13543][fingerprinting][fp-triaged]
1429885 A reduceTimerPrecision rounding value of 0 is not supported P2 FIXED Tom Ritter [:tjr] [fingerprinting]
1621433 In RFP mode, turn the all-white canvas into a fully random 'poison pill' P2 FIXED Tom Ritter [:tjr] [fingerprinting][domsecurity-active]
1337157 privacy.resistFingerprinting should disable WEBGL_debug_renderer_info P2 FIXED Tom Ritter [:tjr] gfx-noted, [tor][fingerprinting]
1485266 When privacy.resistFingerprinting = true, use stand-ins for native colors P2 FIXED Gary Chen [:xeonchen] [tor][gfx-noted][fingerprinting][fp-triaged]
1486258 Regression tests to check that new Intl APIs respect privacy.spoof_english P2 FIXED Gary Chen [:xeonchen] [tor 26611][fingerprinting][fp-triaged]
1492587 Ensure the date picker does not leak user locale when "privacy.spoof_english" == 2 P2 FIXED Gary Chen [:xeonchen] [tor 21787][fingerprinting][fp-triaged]
1560574 ftp:// on Windows can be used to leak the system time zone (Tor 30800) P2 FIXED Gary Chen [:xeonchen] [fingerprinting][tor 30800] [necko-triaged]
1581537 Browser UI locale is leaked in several ways P3 FIXED Alex Catarineu (Tor Browser dev) [tor 30683][fingerprinting]
1383495 Spoofing Navigator API platform as Win64 when resisting fingerprinting is enabled P3 FIXED Ethan Tseng [:ethan] [tor][fingerprinting][fp:m3][domsecurity-active]
1121643 Add an option to only expose whitelisted system fonts to avoid fontlist fingerprinting (Tor 13313) P3 FIXED Arthur Edelstein [:arthur] [gfx-noted] [tor][fingerprinting]
1721840 ScreenOrientation::ShouldResistFingerprinting is hangey? P3 FIXED Alisha Sharma [bhr:ScreenOrientation::ShouldResistFingerprinting]
267645 Page can obtain path to Mozilla installation or possibly profile by examining JavaScript exceptions P3 FIXED Boris Zbarsky [:bzbarsky] [sg:want] stepping-stone [fingerprinting][fp-triaged][adv-main75-]
1334111 EME: PersistentState should be disabled in private browsing mode P3 FIXED Chris Pearce [:cpearce (Not reading bugmail)] [fingerprinting]
1382499 Touch API leaks absolute screen coordinates P3 FIXED Chung-Sheng Fu [:cfu] [tor 10286][fingerprinting][fp:m3]
1372073 Neutralize the threat of fingerprinting of media devices API when 'privacy.resistFingerprinting' is true P3 FIXED Chung-Sheng Fu [:cfu] [fingerprinting][tor][fp:m3]
583181 Don't reveal navigator.buildID to every site on the web P3 FIXED Chris Peterson [:cpeterson] [fingerprinting]
1390465 disable or limit WebVTT with privacy.resistFingerprinting P3 FIXED Fatih Kilic [:fkilic] [tor][fingerprinting][fp-triaged]
1507280 Ensure the reporting URI respects Resist Fingerprinting wrt locale P3 FIXED Fatih Kilic [:fkilic] [fingerprinting][fp-triaged][domsecurity-backlog]
1222924 Stop exposing the moz-icon URL scheme to the web P3 FIXED :Gijs (he/him) [gfx-noted][fingerprinting][fp:m4][adv-main59-]
1478158 Guard prefers-reduced-motion by Resist Fingerprinting pref P3 FIXED Hiroyuki Ikezoe (:hiro) [fingerprinting]
1485264 Rip out the dom.event.highrestimestamp.enabled pref P3 FIXED Josef Citrine (:jcit) [tor][fingerprinting][fp-triaged]
1762919 Make dropped frame statistics more realistic P3 FIXED Jeff Muizelaar [:jrmuizel] [fingerprinting]
1801134 Curious websites can obtain a (cryptographically) unique identifier about the used Android device. P3 FIXED John Lin [:jhlin][:jolin] [fingerprinting][reporter-external] [client-bounty-form] [verif?][post-critsmash-triage]
1441295 Revert 1372069 and allow geolocation prompts if Resist Fingerprinting is set to true P3 FIXED Yuan Lyu [fingerprinting]
1448848 privacy.resistFingerprinting should not affect screen coordinates for extensions/content scripts P3 FIXED [fingerprinting][fp-triaged]
1416574 privacy.resistFingerprinting should do something about mozmm P3 FIXED [fingerprinting]
1693212 getClientRects plus CSS Animation can synthesize a RAF-interval-resolution timing probe P3 FIXED [domsecurity-backlog][fingerprinting]
1535761 [meta] Remove native theming for content P3 FIXED [fingerprinting][overhead:noted][fp-triaged] [not-a-fission-bug]
1314448 Create a build target that adds --disable-webrtc to the mozconfig P3 FIXED [tor][tor-testing][fingerprinting]
1392844 Ensure that Stylo respects privacy.resistFingerprinting P3 FIXED [tor][fingerprinting][stylo][fp-backlog]
1412961 Fix canvas APIs in extension documents when resistFingerprinting is enabled P3 FIXED Tim Nguyen :ntim [fingerprinting][fingerprinting-breakage]
1595823 Fix the AudioContext's sample-rate if privacy.resistFingerprinting is enabled P3 FIXED Paul Adenot (:padenot) [fingerprinting]
1875313 Spoof English is ignored in number validation P3 FIXED Pier Angelo Vendrame [fingerprinting]
1556002 Change the Initial Window Size Resolution to use the same Stepped Resolution as Letterboxing P3 FIXED Pier Angelo Vendrame [fingerprinting]
1404608 Do not lie about Operating System when privacy.resistFingerprinting is true P3 FIXED Tim Huang[:timhuang] [domsecurity-backlog3][fingerprinting-breakage]
1439657 Remove Console Timing from non-Worker Console Timing P3 FIXED Tom Ritter [:tjr] [fingerprinting][adv-main60-]
1397611 Allow Web Extensions to control privacy.resistFingerprinting P3 FIXED Tom Ritter [:tjr] [fingerprinting]
1509829 privacy.resistFingerprinting: UA header, upstream Tor 26146 P3 FIXED Tom Ritter [:tjr] [tor][fingerprinting][domsecurity-backlog1][fp-triaged]
1727775 [android] RFP userAgent vs Desktop Mode P5 FIXED Fatih Kilic [:fkilic] [fingerprinting][domsecurity-backlog3]
1362188 Add Telemetry for navigator.hardwareConcurrency P5 FIXED [tor][fingerprinting][fp-triaged]
1409269 spoofed useragent from privacy.resistfingerprinting conflicts with OS revealed by TCP/IP fingerprinting P5 FIXED [fingerprinting][domsecurity-backlog]
1281949 screen.orientation should be spoofed when privacy.resistFingerprinting is enabled (Tor 18958) -- FIXED Arthur Edelstein [:arthur] [tor][fingerprinting] btpp-active
867501 Date.toLocaleFormat exposes OS locale (Tor 13019) -- FIXED Arthur Edelstein [:arthur] [fingerprinting][tor]
418986 window.screen and CSS media queries provide a large amount of identifiable information (Tor 2875) -- FIXED Arthur Edelstein [:arthur] [fingerprinting][tor 5856][tor 2875][tor 4755]
1193593 Test fingerprinting resistance for media queries in picture elements -- FIXED Arthur Edelstein [:arthur] [tor][fingerprinting]
1410106 fingerprinting users in private window using web-worker + indexedDB -- FIXED Andrew Sutherland [:asuth] (he/him) [fingerprinting][adv-main57+][adv-esr52.5.1]
1054739 Reduce HTTP Accept-Language Entropy -- FIXED awake [:awake] [fingerprinting]
870667 Reinstate the dom.enable_performance preference, but have it just control what gets returned from performance.timing.* -- FIXED Boris Zbarsky [:bzbarsky] [fingerprinting]
1324044 Fingerprinting resistance in pluginarray/mimetypesarray misses own prop names -- FIXED Boris Zbarsky [:bzbarsky] [tor][fingerprinting]
1153672 Fingerprinting individuals via performance.now() -- FIXED Boris Zbarsky [:bzbarsky] [post-critsmash-triage][adv-main41+][fingerprinting]
1334776 Header name interning leaks across origins -- FIXED Dragana Damjanovic [:dragana] [necko-active][fingerprinting][adv-main55+][post-critsmash-triage]
1409677 WebGL fails to initialize when resistFingerprint is enabled -- FIXED Daosheng Mu[:daoshengmu] [tor][fingerprinting-breakage][fp:backlog][gfx-noted]
1704110 Browser Tracking through Preflight Cache -- FIXED Emma Zühlcke [:emz] [fingerprinting][tor][post-critsmash-triage][adv-main92-][adv-esr91.1-]
1607032 RFP: make spoofed orientation reflect spoofed screen dimensions -- FIXED Fatih Kilic [:fkilic] [tor 30543][fingerprinting]
1459089 Even when resistFingerprinting is enabled, FF leaks the OS locale in the accept headers -- FIXED Igor Oliveira [fingerprinting]
1385597 privacy.resistFingerprinting fails to restore system timezone -- FIXED Jan Beich [fingerprinting]
654550 Preference to disable video statistics -- FIXED leonard.beck [tor] [fingerprinting]
531915 Floating point differences between platforms -- FIXED sanketh [fingerprinting]
1635603 Create a nsContentUtils::ShouldResistFingerPrinting(nsILoadInfo* aLoadInfo) -- FIXED sanketh [fingerprinting]
1881037 Leaking Browser URL/Protocol Handlers through window.open() behavior -- FIXED Nika Layzell [:nika] (ni? for response) [fingerprinting][reporter-external] [client-bounty-form] [verif?][adv-main131+][adv-esr128.3+]
1828538 Relay extension reveals unique user fingerprint -- FIXED [fingerprinting]
655367 fingerprinting installed apps through a timing attack using moz-icon: and WebGL -- FIXED [fingerprinting]
1428331 HiDPI and privacy.resistFingerprinting -- FIXED [fingerprinting][fp-triaged]
1787790 getComputedStyle reports a wrong family for system fonts under certain conditions -- FIXED Pier Angelo Vendrame [fingerprinting]
1886687 Timezone leak through document.lastModified when using RFP -- FIXED Pier Angelo Vendrame [fingerprinting] [adv-main126-]
1900648 XSLT error messages can leak browser UI language -- FIXED Pier Angelo Vendrame [tor 42288][fingerprinting]
1607316 Implement separate fingerprinting resistance treatment of @media interaction features for desktop and android -- FIXED Tom Ritter [:tjr] [fingerprinting][tor 32886]
1830070 about:blank doesn't properly resist fingerprinting. -- FIXED Tom Ritter [:tjr] [fingerprinting][fpp:m3][adv-main116-][adv-ESR115.1-]
1539505 Group Policy Allows Proxy Bypass P1 INVALID [fingerprinting][tor][tor 29916]
1369328 Open popup windows in new tabs when 'privacy.resistFingerprinting' = true P1 INVALID Tim Huang[:timhuang] [fingerprinting][tor][fp:m2][domsecurity-active]
1367313 Add a test case to inform people when someone tries to remove prefs that have fingerprinting concerns P1 INVALID Tim Huang[:timhuang] [fingerprinting][tor][fp:m1] [domsecurity-active]
1432031 Disable ESR Debug Assertion P1 INVALID Tom Ritter [:tjr] fingerprinting, [domsecurity-active]
1470828 privacy.resistFingerprinting breaks some shortcut keys P2 INVALID [fingerprinting][fp-triaged]
1428351 Review hardware-benchmarked algorithm choices and hardcode choices in Resist Fingerprinting mode P2 INVALID Tim Huang[:timhuang] [fingerprinting][fp-triaged][tor 22548]
1466025 enforce DNT header when privacy.resistFingerprinting=true P3 INVALID [fingerprinting][domsecurity-backlog1][fp-triaged]
1621988 Some Google Docs Shortcuts still don't work under Resist Fingerprinting P3 INVALID [tor][fingerprinting][domsecurity-backlog1]
1776910 Resist Fingerprinting exposes plugins P3 INVALID [domsecurity-backlog3][fingerprinting]
1527747 Amazon Prime Video doesn't work with privacy.resistFingerprinting P3 INVALID [fingerprinting][fp-triaged][domsecurity-backlog][tor]
1499478 navigator.userAgent violates HTML specification when RFP enabled P3 INVALID [domsecurity-backlog][fingerprinting]
1475825 setting resistFingerprinting to true results in a better fingerprint by screen resolution P3 INVALID Tim Huang[:timhuang] [tor][fingerprinting][fp-triaged]
1433676 Sub-Document fetches do NOT honor "general.useragent.override.[domain]" setting P5 INVALID [fingerprinting][fp-triaged]
1403813 The test result of Geolocation API is different (Tor V.S. Firefox with anti-fingerprinting) -- INVALID [fingerprinting][tor]
1402557 Firefox window size and maximized state doesn't persist -- INVALID [fingerprinting]
1714185 navigator.oscpu returns "Linux x86_64" even if privacy.resistFingerprinting is enabled -- INVALID [fingerprinting]
757726 disallow enumeration of navigator.plugins P2 WONTFIX Chris Peterson [:cpeterson] [fingerprinting] Websites tech advo bug 934107
1519122 In RFP Mode, spoof the modifier state "Meta" in OSX into a "Ctrl" state in keyboard events. P2 WONTFIX [tor][fingerprinting]
1456378 privacy.resistFingerprinting breaks image cropping in Expensify P2 WONTFIX [domsecurity-backlog1][fingerprinting][fp-triaged]
1393662 Making IsResistFingerprintingEnabled() checks in nsRFPService::ReduceTimePrecisionAs* inline and changing the name of nsRFPService::ReduceTimePrecisionAs* into MaybeReduceTimePrecisionAs* P2 WONTFIX Tom Ritter [:tjr] [fingerprinting][tor][domsecurity-backlog][fp:m4]
1414001 The finger print information of Nightly (with privacy.resistFingerprinting pref enabled) and Tor browser do not match on https://fpcentral.irisa.fr/ P3 WONTFIX [fingerprinting]
1413842 The browserleaks information of Nightly (with privacy.resistFingerprinting pref enabled) and Tor browser do not match P3 WONTFIX [fingerprinting]
1413837 The panopticlick information of Nightly (with privacy.resistFingerprinting pref enabled) and Tor browser do not match P3 WONTFIX [fingerprinting]
1413707 The browser-print information of Nightly (with privacy.resistFingerprinting pref enabled) and Tor browser do not match P3 WONTFIX [fingerprinting]
1529391 Don't spoof version number in User Agent with privacy.resistFingerprinting enabled P3 WONTFIX [fingerprinting][domsecurity-backlog]
1408825 Do not ask for HTML5 canvas permission if privacy.resistFingerprinting is true P3 WONTFIX Tom Ritter [:tjr] [tor][fingerprinting][fp:backlog]
1538130 privacy.resistFingerprinting should not create windows with rounded dimensions when letterboxing is enabled P5 WONTFIX Kestrel [fingerprinting][tor]
1120398 Security: Addons with no contentaccessible resources can be enumerated via differing error results P5 WONTFIX [domsecurity-backlog][fingerprinting] [fp-triaged]verify both chrome: and resource: when fixed
1450561 Resist screen elements dimensions fingerprinting P5 WONTFIX [tor][fingerprinting][domsecurity-backlog1][fp-triaged]
1397994 CSS line-height reveals platform P5 WONTFIX Pier Angelo Vendrame [tor 23104][tor 23701][tor 29563][fingerprinting][fp-triaged]
1308340 checkbox in about:preferences#privacy for privacy.resistFingerprinting (Tor 20244.1) -- WONTFIX Arthur Edelstein [:arthur] [tor][fingerprinting][fp-backlog][fp-triaged]
1601040 Add UI for modifying resistFingerprinting prefs when privacy.resistFingerprinting is enabled -- WONTFIX morgan (Tor Project) [tor 32325][fingerprinting]
1618869 Display authorization popup for WebGL with privacy.resistFingerprinting -- WONTFIX [fingerprinting]
1818894 RFP: harden network information protection -- WONTFIX [fingerprinting]
1501875 new Date().toString() emits localized, long timezone on Firefox 63, at least 1 site is broken -- WONTFIX [fingerprinting][fp-triaged]
1333916 ICU ignores TZ env var on Windows -- WONTFIX [tor][fingerprinting]
928311 [panopticlick] elude tracking by making browser fingerprinting more generic -- WONTFIX [fingerprinting]
1466027 privacy.resistFingerprinting UA version spoof & Beta/Dev/Nightly -- WONTFIX [fingerprinting]
1409809 Constantly remind people about privacy.resistFingerprinting -- WONTFIX [fingerprinting-breakage]
1452391 PNG favicons show up as white square when privacy.resistFingerprinting is enabled -- WONTFIX [fingerprinting-breakage]
1405810 Setting privacy.resistFingerprinting=true breaks cmd keyboard shortcuts for Google Docs on OSX P1 DUPLICATE [domsecurity-backlog1][tor][fingerprinting-breakage][fp-triaged]
1369330 Make javascript use English locale when 'privacy.resistFingerprinting' is true P1 DUPLICATE [fingerprinting][tor][fp:m2]
527667 DOM Storage (localStorage, sessionStorage) data is not cleared when "Clear Recent History" is used with Time range not "Everything" P1 DUPLICATE [sg:want][tor][fingerprinting]
1415488 privacy.resistFingerprinting : USER-AGENT leaks when using the the HTTP CONNECT method P1 DUPLICATE Gary Chen [:xeonchen] [fingerprinting][domsecurity-active]
1470161 Firefox Quantum Nightly 63.0a1 yields wrong date/time when switching privacy.resistFingerprinting on then off again P1 DUPLICATE Gary Chen [:xeonchen] [fingerprinting]
1690038 Scrollbar is enabled and disabled based on a setting in macOS system preferences P2 DUPLICATE [fingerprinting][tor 22632]
1460145 privacy.resistfingerprinting breaks the square selection on the HOT Tasking Manager P2 DUPLICATE Tim Huang[:timhuang] [domsecurity-backlog1][fingerprinting][fp-triaged]
1468957 privacy.resistFingerprinting set to true breaks https://www.google.com/streetview/ P2 DUPLICATE Tim Huang[:timhuang] [domsecurity-backlog1][fingerprinting][fp-triaged]
1388743 Collect Telemetry on the differences in system fonts P2 DUPLICATE Gary Chen [:xeonchen] [fingerprinting] [fxprivacy] [gfx-noted] [fp-triaged]
1364261 Make UTC Timezone Spoofing optional when privacy.resistfingerprinting = true P3 DUPLICATE [tor][fingerprinting-breakage][fp-backlog][fp-triaged]
1357733 The `devicelight` event allows information leaks. P3 DUPLICATE [fingerprinting]
732096 Add a preference to prevent local font enumeration P3 DUPLICATE [fingerprinting][tor][tor-standalone]
1377744 privacy.resistfingerprinting's UTC timezone should not affect extensions P3 DUPLICATE [fp-triaged][alarms][fingerprinting]
1640449 Privacy and security features should prevent localhost and local network WebSocket abuse P3 DUPLICATE [fingerprinting][necko-triaged]
1620347 Two different full-screen behaviors when privacy.resistFingerprinting.letterboxing = true P3 DUPLICATE [fingerprinting][domsecurity-backlog]
1616046 Letterboxing does not always set resolution correctly P3 DUPLICATE [fingerprinting]
1593585 Letterboxing and findbar inconsistencies [part 2] P3 DUPLICATE [fingerprinting]
1581492 [resistFingerprinting] Performance API spoofing prevents site from loading login scripts P3 DUPLICATE [fingerprinting] [sci-exclude][domsecurity-backlog1]
1533787 privacy.resistFingerprinting causes icons on some sites (including Gmail) to be blurry P3 DUPLICATE [tor][fingerprinting][fp-triaged][sci-exclude]
1492775 Consider how to do fingerprinting resistance for pointer events for mobile P3 DUPLICATE [fingerprinting][fp-triaged]
1882364 Leaking Browser URL/Protocol Handlers by CSP report-uri P3 DUPLICATE [fingerprinting][reporter-external] [client-bounty-form] [verif?]
1491343 Time is incorrect when the instance is opened via about:profiles in another profile with privacy.resistFingerprinting enabled P3 DUPLICATE [fingerprinting][fp-triaged]
1485280 Prevent fingerprinting by SpeechRecognition P3 DUPLICATE [tor][fingerprinting][fp-triaged]
1415874 Add the canvas/extractData permission to SitePermissions.jsm when privacy.resistFingerprinting is set to true P3 DUPLICATE [fingerprinting]
1462115 privacy.resistfingerprinting affects the timezone displayed in native file picker dialogs P3 DUPLICATE [tor][fingerprinting][domsecurity-backlog1][fp-triaged]
1425130 Sensor API exposes a High-Res timestamp P3 DUPLICATE [fingerprinting][domsecurity-backlog1][fp-triaged]
1433815 Ensure EnableOrientationChangeListener respects privacy.resistFingerprinting P3 DUPLICATE [tor-mobile][fingerprinting][fp-triaged]
1404017 Pref for fingerprinting resistance in private browsing mode P3 DUPLICATE [fingerprinting][fp-triaged]
1442863 Smooth scrolling implementations perform badly with resistFingerprinting's reduced timer precision P3 DUPLICATE [fingerprinting][fp-triaged]
1400582 Deleting all history still leaves some traces that can be used to precisely track individual users. P3 DUPLICATE [tor][fingerprinting]
1403099 game in http://www.best.io/paper-io has very bad performance due to anti-fingerprinting setting (needs higher resolution timer) P5 DUPLICATE [domsecurity-backlog][fingerprinting][fp-triaged]
1401440 Split privacy.resistFingerprinting into multiple options P5 DUPLICATE [fingerprinting] [fp-triaged]
728952 Don't expose the SeaMonkey/Firefox patch level (2.10.Y/13.X.Y) in the UA string, only show the major version (2.10/13.X) P5 DUPLICATE [fingerprinting][fp-triaged]
1526663 Intermittent browser/components/resistfingerprinting/test/browser/browser_roundedWindow_windowSetting_max_outer.js | The screen.height has a correct rounded value - 100 == 1000 - P5 DUPLICATE [fingerprinting][tor]
1615483 hide VR devices when privacy.resistFingerprinting = true -- DUPLICATE [fingerprinting]
1519881 Geolocation Permissions are applied in private browsing sessions -- DUPLICATE [fingerprinting]
1941847 Gecko reveals more GPU Hardware Information than Webkit/chromium -- DUPLICATE [client-bounty-form][fingerprinting]
1438474 resistFingerprinting breaks taking screenshots -- DUPLICATE [fingerprinting-breakage]
1437349 Detect if user install certain software with external protocol -- DUPLICATE [fingerprinting]
1394735 Enabling privacy.resistFingerprinting causes jank in jquery scrolling -- DUPLICATE [fingerprinting][fp-triaged]
1436309 resistFingerprinting prevents browser shortcuts to work in some pages -- DUPLICATE [fingerprinting-breakage]
1472923 Detecting registered URI schemes leads to fingerprinting -- DUPLICATE [fingerprinting]
1416273 nsContentUtils::ShouldResistFingerprinting should work on the networking thread -- DUPLICATE [fingerprinting]
1420234 The privacy.resistFingerprinting flag interferes with the JS Date object -- DUPLICATE [fingerprinting]
1419938 Add 'learn more' link to HTML5 canvas anti-fingerprinting permission prompt -- DUPLICATE [fingerprinting]
1466326 privacy.resistFingerprinting set to true breaks Proxy Switcher and Manager -- DUPLICATE [fingerprinting-breakage]
1360242 Add Telemetry for NetworkInformation API -- DUPLICATE [fingerprinting]
811582 window JS object provides a large amount of identifiable information -- DUPLICATE [fingerprinting][fp-triaged]
1077986 offline storage permission setting not working correctly -- DUPLICATE [tor][fingerprinting]
903959 custom resource://foo/ allows fingerprinting addons -- DUPLICATE [fingerprinting]
1518839 In RFP: Only Spoof the OS in the User Agent; and do not lie in the HTTP Header -- DUPLICATE Tom Ritter [:tjr] [tor 26146][fingerprinting]
1621729 privacy.resistFingerprinting set to true breaks login at https://appleid.apple.com P2 WORKSFORME [tor][fingerprinting][domsecurity-backlog1]
1396322 privacy.resist.fingerprinting breaks Tampermonkey P2 WORKSFORME [fingerprinting-breakage]
1364398 Firefox doesn't restore windows into a rounded size when it comes with 2 or more windows if 'privacy.resistFingerprinting' is true P2 WORKSFORME Tim Huang[:timhuang] [fingerprinting][fp-triaged]
779197 Use a protocol not accessible from content P3 WORKSFORME [fingerprinting]
1418537 Bad window height set when bookmarks toolbar is open with resistfingerprinting option P3 WORKSFORME [fingerprinting][fp-triaged][tor 27845]
1437266 Navigating back on youtube sometimes fails and restarts the current video with resistFingerprinting enabled P3 WORKSFORME [fingerprinting][domsecurity-backlog1][fp-triaged]
1525224 Window is not fully wide maximized (margin on left and right), not showing WIndows taskbar sometimes, unable to resize unmaximized window P3 WORKSFORME [tor][fingerprinting][fp-triaged]
1503872 reCAPTCHA v3 fails with Resist Fingerprinting Enabled P3 WORKSFORME [domsecurity-backlog1][fingerprinting][fp-triaged]
1695281 GPU content process freezes on startup when javascript.use_us_english_locale is true -- WORKSFORME [resistfingerprinting][domsecurity-backlog3]
1539503 Ensure CSS device-pixel-ratio (and related) and imgset/srcset obeys Fingerprinting Resistance -- WORKSFORME [fingerprinting][tor]
1403876 The test result of screen resolution is different (Tor V.S. Firefox with anti-fingerprinting) -- WORKSFORME [fingerprinting][tor]
1216800 some chrome code may be incorrectly receiving spoofed devicePixelRatio -- WORKSFORME [fingerprinting]
1353894 Intermittent browser/components/resistfingerprinting/test/browser/browser_roundedWindow_newWindow.js | The screen.height has a correct rounded value - 1000 == 900 - -- WORKSFORME [stockwell unknown][fingerprinting]
1432506 Implement the Canvas Permission Prompt on Fennec P3 INCOMPLETE [fingerprinting][fp-triaged]
1399279 initial viewport too small for fullscreen WebApps with privacy.resistFingerprinting enabled P5 INCOMPLETE [fingerprinting][fp-triaged][tor-mobile]
1470582 Intermittent browser/components/resistfingerprinting/test/browser/browser_block_mozAddonManager.js | Test timed out - P5 INCOMPLETE [fingerprinting]

233 Total; 233 Open (100%); 0 Resolved (0%); 0 Verified (0%);

Retrieved from "https://wiki.allizom.org/index.php?title=Security/Fusion/Dashboard&oldid=1203937"