Date: Sat, 20 Apr 2019 12:56:39 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 237414] www/firefox-esr: navigator.userAgent is vulnerable to fingerprinting Message-ID: <bug-237414-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D237414 Bug ID: 237414 Summary: www/firefox-esr: navigator.userAgent is vulnerable to fingerprinting Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: gecko@FreeBSD.org Reporter: p5B2E9A8F@t-online.de Flags: maintainer-feedback?(gecko@FreeBSD.org) Assignee: gecko@FreeBSD.org Flags: maintainer-feedback? Having tested there: https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html ----Output----- [header] http_user_agent=20=20=20=20=20=20=20=20 [navigator] userAgent Mozilla/5.0 (X11; FreeBSD i386; rv:60.0) Gecko/2010= 0101 Firefox/60.0 [navigator] appCodeName Mozilla [navigator] appName Netscape [navigator] product Gecko [navigator] appVersion 5.0 (X11) [navigator] oscpu Windows NT 6.0; Win64; x64 [navigator] platform Win64 [navigator] buildID 20100101 [navigator] productSub 20100101 ---browser, version, os--- [css] browser=20=20=20 [error messages] browser Firefox --------- userAgent shows 'X11; FreeBSD i386' while oscpu seems to be faked to 'Windo= ws NT 6.0; Win64; x64' and ist as such not consistent. This is *very* bad as it makes one pretty unique for browser fingerprinting --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-237414-7788>