From 3c8920799db11ff27f6a42979e4b2d8c9d989abf Mon Sep 17 00:00:00 2001
From: Georg Koppen
Date: Fri, 26 May 2017 19:18:32 +0000
Subject: [PATCH] Bug 21684: Don't expose navigator.AddonManager to content With https://bugzilla.mozilla.org/show_bug.cgi?id=1245571 support for websites to learn about installed add-ons landed. Currently, this is only enabled for AMO related sites but we don't think this functionality is something we want for Tor Browser as it might aid in fingerprinting users. The patch does not outright disable access to the API. Privileged code is still able to use it if needed. This should help with usability issues should they arise while mitigating possible fingerprinting and security problems by having this API available to content. This fixes bug 21684 by deleting the whitelist of URLs shipped with Firefox 52.
---
 .../mozapps/extensions/AddonManagerWebAPI.cpp | 39 ++-----------------
 1 file changed, 4 insertions(+), 35 deletions(-)
diff --git a/toolkit/mozapps/extensions/AddonManagerWebAPI.cpp b/toolkit/mozapps/extensions/AddonManagerWebAPI.cpp
index 3f2a7a5299f20..45326fd652c7d 100644
--- a/toolkit/mozapps/extensions/AddonManagerWebAPI.cpp
+++ b/toolkit/mozapps/extensions/AddonManagerWebAPI.cpp
@@ -20,41 +20,10 @@ using namespace mozilla::dom;
 static bool IsValidHost(const nsACString& host) {
- // This is ugly, but Preferences.h doesn't have support
- // for default prefs or locked prefs
- nsCOMPtr prefService (do_GetService(NS_PREFSERVICE_CONTRACTID));
- nsCOMPtr prefs;
- if (prefService) {
- prefService->GetDefaultBranch(nullptr, getter_AddRefs(prefs));
- bool isEnabled;
- if (NS_SUCCEEDED(prefs->GetBoolPref("xpinstall.enabled", &isEnabled)) && !isEnabled) {
- bool isLocked;
- prefs->PrefIsLocked("xpinstall.enabled", &isLocked);
- if (isLocked) {
- return false;
- }
- }
- }
-
- if (host.Equals("addons.mozilla.org") ||
- host.Equals("discovery.addons.mozilla.org") ||
- host.Equals("testpilot.firefox.com")) {
- return true;
- }
-
- // When testing allow access to the developer sites.
- if (Preferences::GetBool("extensions.webapi.testing", false)) {
- if (host.LowerCaseEqualsLiteral("addons.allizom.org") ||
- host.LowerCaseEqualsLiteral("discovery.addons.allizom.org") ||
- host.LowerCaseEqualsLiteral("addons-dev.allizom.org") ||
- host.LowerCaseEqualsLiteral("discovery.addons-dev.allizom.org") ||
- host.LowerCaseEqualsLiteral("testpilot.stage.mozaws.net") ||
- host.LowerCaseEqualsLiteral("testpilot.dev.mozaws.net") ||
- host.LowerCaseEqualsLiteral("example.com")) {
- return true;
- }
- }
-
+ // We don't want to allow content to get information about the state of the
+ // extensions a user has installed. This might aid in fingerprinting. And
+ // allowing content at all access to this kind of information seems
+ // potentially risky from a security point as well. Fixes bug 21684.
 return false;
 }
-- GitLab
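Review bot: `IsValidHost` now ignores its `host` argument and returns `false` unconditionally, but the new comment does not say that this is deliberate or that the gate no longer depends on any pref. A later rebase onto an upstream change to the allowlist could then reintroduce hosts without anyone noticing. I would add a line such as `// Deliberately ignores |host|: no origin is allowlisted, regardless of prefs.` and write the reference as `Tor bug 21684`, since the commit message also cites a Bugzilla id and a bare number in this file is easy to misread. The diffstat shows only this file changing. If existing tests relied on the removed `extensions.webapi.testing` branch (not visible here), they will need updating, and a test asserting the API is absent for content on a formerly allowlisted host would guard the hardening across rebases.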