Date:      Wed, 25 Oct 2017 09:53:41 +0000 (UTC)
From:      Jan Beich <jbeich@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r452837 - in head/www/firefox: . files
Message-ID:  <201710250953.v9P9rf3b077425@repo.freebsd.org>

Author: jbeich
Date: Wed Oct 25 09:53:41 2017
New Revision: 452837
URL: https://svnweb.freebsd.org/changeset/ports/452837

Log:
  www/firefox: backport privacy.resistFingerprinting fix for User-Agent
  
  If users are going to "pkg lock" because of add-ons, it is better to pretend
  to be an ESR, on the off chance that JS malware is stupid enough to check only
  the User-Agent when filtering out non-vulnerable Firefox versions.
  
  Obtained from:	upstream (Firefox 57)
  MFH:		2017Q4

Added:
  head/www/firefox/files/patch-bug1393283   (contents, props changed)
Modified:
  head/www/firefox/Makefile   (contents, props changed)

Modified: head/www/firefox/Makefile
==============================================================================
--- head/www/firefox/Makefile	Wed Oct 25 09:18:26 2017	(r452836)
+++ head/www/firefox/Makefile	Wed Oct 25 09:53:41 2017	(r452837)
@@ -4,6 +4,7 @@
 PORTNAME=	firefox
 DISTVERSION=	56.0.2
 DISTVERSIONSUFFIX=.source
+PORTREVISION=	1
 PORTEPOCH=	1
 CATEGORIES=	www ipv6
 MASTER_SITES=	MOZILLA/${PORTNAME}/releases/${DISTVERSION}/source \

Added: head/www/firefox/files/patch-bug1393283
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/www/firefox/files/patch-bug1393283	Wed Oct 25 09:53:41 2017	(r452837)
@@ -0,0 +1,144 @@
+commit d20c7d929c84
+Author: Ethan <ettseng@mozilla.com>
+Date:   Fri Sep 1 17:29:44 2017 +0800
+
+    Bug 1393283 - Use the last ESR version as the spoofed Firefox version. r=tihuang, r=mcmanus
+---
+ .../test/browser/browser_navigator.js              |  2 +-
+ netwerk/protocol/http/nsHttpHandler.cpp            | 16 +++----
+ .../resistfingerprinting/nsRFPService.cpp          | 56 ++++++++++++++++++++++
+ .../components/resistfingerprinting/nsRFPService.h |  3 ++
+ 4 files changed, 66 insertions(+), 11 deletions(-)
+
+diff --git browser/components/resistfingerprinting/test/browser/browser_navigator.js browser/components/resistfingerprinting/test/browser/browser_navigator.js
+index 25c393d8bb2a..9f52e34a9451 100644
+--- browser/components/resistfingerprinting/test/browser/browser_navigator.js
++++ browser/components/resistfingerprinting/test/browser/browser_navigator.js
+@@ -91,7 +91,7 @@ add_task(async function setup() {
+ 
+   let appInfo = Cc["@mozilla.org/xre/app-info;1"].getService(Ci.nsIXULAppInfo);
+   let appVersion = parseInt(appInfo.version);
+-  let spoofedVersion = appVersion - (appVersion % 10);
++  let spoofedVersion = appVersion - ((appVersion - 3) % 7);
+   spoofedUserAgent = `Mozilla/5.0 (${SPOOFED_OSCPU}; rv:${spoofedVersion}.0) Gecko/20100101 Firefox/${spoofedVersion}.0`;
+ });
+ 
+diff --git netwerk/protocol/http/nsHttpHandler.cpp netwerk/protocol/http/nsHttpHandler.cpp
+index 31d0f8832732..b957d835b52f 100644
+--- netwerk/protocol/http/nsHttpHandler.cpp
++++ netwerk/protocol/http/nsHttpHandler.cpp
+@@ -461,16 +461,12 @@ nsHttpHandler::Init()
+         mAppVersion.AssignLiteral(MOZ_APP_UA_VERSION);
+     }
+ 
+-    // Generating the spoofed userAgent for fingerprinting resistance.
+-    // The browser version will be rounded down to a multiple of 10.
+-    // By doing so, the anonymity group will cover more versions instead of one
+-    // version.
+-    uint32_t spoofedVersion = mAppVersion.ToInteger(&rv);
+-    if (NS_SUCCEEDED(rv)) {
+-        spoofedVersion = spoofedVersion - (spoofedVersion % 10);
+-        mSpoofedUserAgent.Assign(nsPrintfCString(
+-            "Mozilla/5.0 (%s; rv:%d.0) Gecko/%s Firefox/%d.0",
+-            SPOOFED_OSCPU, spoofedVersion, LEGACY_BUILD_ID, spoofedVersion));
++    // Generating the spoofed User Agent for fingerprinting resistance.
++    rv = nsRFPService::GetSpoofedUserAgent(mSpoofedUserAgent);
++    if (NS_FAILED(rv)) {
++      // Empty mSpoofedUserAgent to make sure the unsuccessful spoofed UA string
++      // will not be used anywhere.
++      mSpoofedUserAgent.Truncate();
+     }
+ 
+     mSessionStartTime = NowInSeconds();
+diff --git toolkit/components/resistfingerprinting/nsRFPService.cpp toolkit/components/resistfingerprinting/nsRFPService.cpp
+index 94554200c3b8..96a2940c04a0 100644
+--- toolkit/components/resistfingerprinting/nsRFPService.cpp
++++ toolkit/components/resistfingerprinting/nsRFPService.cpp
+@@ -18,10 +18,13 @@
+ #include "nsServiceManagerUtils.h"
+ #include "nsString.h"
+ #include "nsXULAppAPI.h"
++#include "nsPrintfCString.h"
+ 
+ #include "nsIObserverService.h"
+ #include "nsIPrefBranch.h"
+ #include "nsIPrefService.h"
++#include "nsIXULAppInfo.h"
++#include "nsIXULRuntime.h"
+ #include "nsJSUtils.h"
+ 
+ #include "prenv.h"
+@@ -162,6 +165,59 @@ nsRFPService::GetSpoofedPresentedFrames(double aTime, uint32_t aWidth, uint32_t
+   return NSToIntFloor(time * sVideoFramesPerSec * ((100 - boundedDroppedRatio) / 100.0));
+ }
+ 
++/* static */
++nsresult
++nsRFPService::GetSpoofedUserAgent(nsACString &userAgent)
++{
++  // This function generates the spoofed value of User Agent.
++  // We spoof the values of the platform and Firefox version, which could be
++  // used as fingerprinting sources to identify individuals.
++  // Reference of the format of User Agent:
++  // https://developer.mozilla.org/en-US/docs/Web/API/NavigatorID/userAgent
++  // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/User-Agent
++
++  nsresult rv;
++  nsCOMPtr<nsIXULAppInfo> appInfo =
++    do_GetService("@mozilla.org/xre/app-info;1", &rv);
++  NS_ENSURE_SUCCESS(rv, rv);
++
++  nsAutoCString appVersion;
++  rv = appInfo->GetVersion(appVersion);
++  NS_ENSURE_SUCCESS(rv, rv);
++
++  // The browser version will be spoofed as the last ESR version.
++  // By doing so, the anonymity group will cover more versions instead of one
++  // version.
++  uint32_t firefoxVersion = appVersion.ToInteger(&rv);
++  NS_ENSURE_SUCCESS(rv, rv);
++
++  // Starting from Firefox 10, Firefox ESR was released once every seven
++  // Firefox releases, e.g. Firefox 10, 17, 24, 31, and so on.
++  // We infer the last and closest ESR version based on this rule.
++  nsCOMPtr<nsIXULRuntime> runtime =
++    do_GetService("@mozilla.org/xre/runtime;1", &rv);
++  NS_ENSURE_SUCCESS(rv, rv);
++
++  nsAutoCString updateChannel;
++  rv = runtime->GetDefaultUpdateChannel(updateChannel);
++  NS_ENSURE_SUCCESS(rv, rv);
++
++  // If we are running in Firefox ESR, determine whether the formula of ESR
++  // version has changed.  Once changed, we must update the formula in this
++  // function.
++  if (updateChannel.Equals("esr")) {
++    MOZ_ASSERT(((firefoxVersion % 7) == 3),
++      "Please udpate ESR version formula in nsRFPService.cpp");
++  }
++
++  uint32_t spoofedVersion = firefoxVersion - ((firefoxVersion - 3) % 7);
++  userAgent.Assign(nsPrintfCString(
++    "Mozilla/5.0 (%s; rv:%d.0) Gecko/%s Firefox/%d.0",
++    SPOOFED_OSCPU, spoofedVersion, LEGACY_BUILD_ID, spoofedVersion));
++
++  return rv;
++}
++
+ nsresult
+ nsRFPService::Init()
+ {
+diff --git toolkit/components/resistfingerprinting/nsRFPService.h toolkit/components/resistfingerprinting/nsRFPService.h
+index cf1f688bb992..bad80383883b 100644
+--- toolkit/components/resistfingerprinting/nsRFPService.h
++++ toolkit/components/resistfingerprinting/nsRFPService.h
+@@ -49,6 +49,9 @@ public:
+   static uint32_t GetSpoofedDroppedFrames(double aTime, uint32_t aWidth, uint32_t aHeight);
+   static uint32_t GetSpoofedPresentedFrames(double aTime, uint32_t aWidth, uint32_t aHeight);
+ 
++  // This method generates the spoofed value of User Agent.
++  static nsresult GetSpoofedUserAgent(nsACString &userAgent);
++
+ private:
+   nsresult Init();
+ 
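Review bot: In the nested nsRFPService.cpp hunk, `firefoxVersion - ((firefoxVersion - 3) % 7)` is evaluated on `uint32_t`, so a parsed version below 3 wraps in the subtraction and yields a nonsensical spoofed number instead of an error; a guard such as `if (firefoxVersion < 3) return NS_ERROR_UNEXPECTED;` ahead of the formula would make that case explicit. The only check that the seven-release rule still holds is a `MOZ_ASSERT` gated on the `esr` update channel, which as far as I know is compiled out of non-debug builds, so a change in the ESR schedule would silently advertise a version that is not a real ESR and narrow the anonymity set the comment is aiming for. The two version arguments are unsigned but formatted with `%d` (should be `%u`), and the assert message misspells "update" as "udpate". In the nsHttpHandler::Init() hunk, whose body continues outside the hunk, the failure path truncates `mSpoofedUserAgent`; whether consumers then fall back to the real User-Agent while privacy.resistFingerprinting is enabled is not visible here and is worth confirming.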


