svn commit: r452837 - in head/www/firefox: . files
Jan Beich
jbeich at FreeBSD.org
Wed Oct 25 09:53:42 UTC 2017
Author: jbeich
Date: Wed Oct 25 09:53:41 2017
New Revision: 452837
URL: https://svnweb.freebsd.org/changeset/ports/452837
Log:
www/firefox: backport privacy.resistFingerprinting fix for User-Agent
If users are going to "pkg lock" due to addons better pretend to be an
ESR on the off chance JS malware is stupid enough to only check
User-Agent to filter out non-vulnerable Firefox versions.
Obtained from: upstream (Firefox 57)
MFH: 2017Q4
Added:
head/www/firefox/files/patch-bug1393283 (contents, props changed)
Modified:
head/www/firefox/Makefile (contents, props changed)
Modified: head/www/firefox/Makefile
==============================================================================
--- head/www/firefox/Makefile Wed Oct 25 09:18:26 2017 (r452836)
+++ head/www/firefox/Makefile Wed Oct 25 09:53:41 2017 (r452837)
@@ -4,6 +4,7 @@
PORTNAME= firefox
DISTVERSION= 56.0.2
DISTVERSIONSUFFIX=.source
+PORTREVISION= 1
PORTEPOCH= 1
CATEGORIES= www ipv6
MASTER_SITES= MOZILLA/${PORTNAME}/releases/${DISTVERSION}/source \
Added: head/www/firefox/files/patch-bug1393283
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/www/firefox/files/patch-bug1393283 Wed Oct 25 09:53:41 2017 (r452837)
@@ -0,0 +1,144 @@
+commit d20c7d929c84
+Author: Ethan <ettseng at mozilla.com>
+Date: Fri Sep 1 17:29:44 2017 +0800
+
+ Bug 1393283 - Use the last ESR version as the spoofed Firefox version. r=tihuang, r=mcmanus
+---
+ .../test/browser/browser_navigator.js | 2 +-
+ netwerk/protocol/http/nsHttpHandler.cpp | 16 +++----
+ .../resistfingerprinting/nsRFPService.cpp | 56 ++++++++++++++++++++++
+ .../components/resistfingerprinting/nsRFPService.h | 3 ++
+ 4 files changed, 66 insertions(+), 11 deletions(-)
+
+diff --git browser/components/resistfingerprinting/test/browser/browser_navigator.js browser/components/resistfingerprinting/test/browser/browser_navigator.js
+index 25c393d8bb2a..9f52e34a9451 100644
+--- browser/components/resistfingerprinting/test/browser/browser_navigator.js
++++ browser/components/resistfingerprinting/test/browser/browser_navigator.js
+@@ -91,7 +91,7 @@ add_task(async function setup() {
+
+ let appInfo = Cc["@mozilla.org/xre/app-info;1"].getService(Ci.nsIXULAppInfo);
+ let appVersion = parseInt(appInfo.version);
+- let spoofedVersion = appVersion - (appVersion % 10);
++ let spoofedVersion = appVersion - ((appVersion - 3) % 7);
+ spoofedUserAgent = `Mozilla/5.0 (${SPOOFED_OSCPU}; rv:${spoofedVersion}.0) Gecko/20100101 Firefox/${spoofedVersion}.0`;
+ });
+
+diff --git netwerk/protocol/http/nsHttpHandler.cpp netwerk/protocol/http/nsHttpHandler.cpp
+index 31d0f8832732..b957d835b52f 100644
+--- netwerk/protocol/http/nsHttpHandler.cpp
++++ netwerk/protocol/http/nsHttpHandler.cpp
+@@ -461,16 +461,12 @@ nsHttpHandler::Init()
+ mAppVersion.AssignLiteral(MOZ_APP_UA_VERSION);
+ }
+
+- // Generating the spoofed userAgent for fingerprinting resistance.
+- // The browser version will be rounded down to a multiple of 10.
+- // By doing so, the anonymity group will cover more versions instead of one
+- // version.
+- uint32_t spoofedVersion = mAppVersion.ToInteger(&rv);
+- if (NS_SUCCEEDED(rv)) {
+- spoofedVersion = spoofedVersion - (spoofedVersion % 10);
+- mSpoofedUserAgent.Assign(nsPrintfCString(
+- "Mozilla/5.0 (%s; rv:%d.0) Gecko/%s Firefox/%d.0",
+- SPOOFED_OSCPU, spoofedVersion, LEGACY_BUILD_ID, spoofedVersion));
++ // Generating the spoofed User Agent for fingerprinting resistance.
++ rv = nsRFPService::GetSpoofedUserAgent(mSpoofedUserAgent);
++ if (NS_FAILED(rv)) {
++ // Empty mSpoofedUserAgent to make sure the unsuccessful spoofed UA string
++ // will not be used anywhere.
++ mSpoofedUserAgent.Truncate();
+ }
+
+ mSessionStartTime = NowInSeconds();
+diff --git toolkit/components/resistfingerprinting/nsRFPService.cpp toolkit/components/resistfingerprinting/nsRFPService.cpp
+index 94554200c3b8..96a2940c04a0 100644
+--- toolkit/components/resistfingerprinting/nsRFPService.cpp
++++ toolkit/components/resistfingerprinting/nsRFPService.cpp
+@@ -18,10 +18,13 @@
+ #include "nsServiceManagerUtils.h"
+ #include "nsString.h"
+ #include "nsXULAppAPI.h"
++#include "nsPrintfCString.h"
+
+ #include "nsIObserverService.h"
+ #include "nsIPrefBranch.h"
+ #include "nsIPrefService.h"
++#include "nsIXULAppInfo.h"
++#include "nsIXULRuntime.h"
+ #include "nsJSUtils.h"
+
+ #include "prenv.h"
+@@ -162,6 +165,59 @@ nsRFPService::GetSpoofedPresentedFrames(double aTime, uint32_t aWidth, uint32_t
+ return NSToIntFloor(time * sVideoFramesPerSec * ((100 - boundedDroppedRatio) / 100.0));
+ }
+
++/* static */
++nsresult
++nsRFPService::GetSpoofedUserAgent(nsACString &userAgent)
++{
++ // This function generates the spoofed value of User Agent.
++ // We spoof the values of the platform and Firefox version, which could be
++ // used as fingerprinting sources to identify individuals.
++ // Reference of the format of User Agent:
++ // https://developer.mozilla.org/en-US/docs/Web/API/NavigatorID/userAgent
++ // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/User-Agent
++
++ nsresult rv;
++ nsCOMPtr<nsIXULAppInfo> appInfo =
++ do_GetService("@mozilla.org/xre/app-info;1", &rv);
++ NS_ENSURE_SUCCESS(rv, rv);
++
++ nsAutoCString appVersion;
++ rv = appInfo->GetVersion(appVersion);
++ NS_ENSURE_SUCCESS(rv, rv);
++
++ // The browser version will be spoofed as the last ESR version.
++ // By doing so, the anonymity group will cover more versions instead of one
++ // version.
++ uint32_t firefoxVersion = appVersion.ToInteger(&rv);
++ NS_ENSURE_SUCCESS(rv, rv);
++
++ // Starting from Firefox 10, Firefox ESR was released once every seven
++ // Firefox releases, e.g. Firefox 10, 17, 24, 31, and so on.
++ // We infer the last and closest ESR version based on this rule.
++ nsCOMPtr<nsIXULRuntime> runtime =
++ do_GetService("@mozilla.org/xre/runtime;1", &rv);
++ NS_ENSURE_SUCCESS(rv, rv);
++
++ nsAutoCString updateChannel;
++ rv = runtime->GetDefaultUpdateChannel(updateChannel);
++ NS_ENSURE_SUCCESS(rv, rv);
++
++ // If we are running in Firefox ESR, determine whether the formula of ESR
++ // version has changed. Once changed, we must update the formula in this
++ // function.
++ if (updateChannel.Equals("esr")) {
++ MOZ_ASSERT(((firefoxVersion % 7) == 3),
++ "Please udpate ESR version formula in nsRFPService.cpp");
++ }
++
++ uint32_t spoofedVersion = firefoxVersion - ((firefoxVersion - 3) % 7);
++ userAgent.Assign(nsPrintfCString(
++ "Mozilla/5.0 (%s; rv:%d.0) Gecko/%s Firefox/%d.0",
++ SPOOFED_OSCPU, spoofedVersion, LEGACY_BUILD_ID, spoofedVersion));
++
++ return rv;
++}
++
+ nsresult
+ nsRFPService::Init()
+ {
+diff --git toolkit/components/resistfingerprinting/nsRFPService.h toolkit/components/resistfingerprinting/nsRFPService.h
+index cf1f688bb992..bad80383883b 100644
+--- toolkit/components/resistfingerprinting/nsRFPService.h
++++ toolkit/components/resistfingerprinting/nsRFPService.h
+@@ -49,6 +49,9 @@ public:
+ static uint32_t GetSpoofedDroppedFrames(double aTime, uint32_t aWidth, uint32_t aHeight);
+ static uint32_t GetSpoofedPresentedFrames(double aTime, uint32_t aWidth, uint32_t aHeight);
+
++ // This method generates the spoofed value of User Agent.
++ static nsresult GetSpoofedUserAgent(nsACString &userAgent);
++
+ private:
+ nsresult Init();
+
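Review bot: In the added nsRFPService::GetSpoofedUserAgent, `firefoxVersion - ((firefoxVersion - 3) % 7)` is computed on a `uint32_t`, so a parsed version below 3 wraps around and yields a meaningless spoofed version instead of an error. A guard such as `if (firefoxVersion < 3) return NS_ERROR_FAILURE;` before the subtraction would let the caller in nsHttpHandler::Init() take its Truncate() path. The only check on the every-seven-releases assumption is a MOZ_ASSERT, which is compiled out of release builds and is evaluated only on the `esr` update channel. If the ESR cadence ever changes, a release build would presumably advertise a version that was never an ESR, making users with privacy.resistFingerprinting easier to single out rather than harder; a comment next to the formula naming the last ESR it was verified against would make that drift visible at the next version bump. The format string also prints the unsigned value with `%d` (`%u` matches the type), and the assertion message spells "update" as "udpate".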