1511763 - privacy.resistFingerprinting: Fix calculation of spoofed ESR version for ESR >= 68.0

Status: RESOLVED FIXED

(Core :: DOM: Security, defect, P2)

Description

[Chris Peterson [:cpeterson]]

As noted by Simon Mainey in bug 1511434 comment 7, Firefox spoofs the ESR version when privacy.resistFingerprinting = true. The current formula for calculating the ESR version is 60 + multiples of seven:

https://searchfox.org/mozilla-central/rev/2edebf41a2b2e624859bf15ed5a98bdd002f73b4/toolkit/components/resistfingerprinting/nsRFPService.cpp#679-691

However, the next ESR will be 68, not 67, according to the Firefox release calendar:

https://wiki.mozilla.org/Release_Management/Calendar#Future_branch_dates

I will confirm the the Release Management team that 68 is the correct version and whether subsequent ESR versions with be every +7 or +8 Firefox releases.

Comment 1

[Chris Peterson [:cpeterson]]

Attachment: Bug 1511763 - Part 1: Fix spoofed ESR version calculation for Firefox 52+. r?tjr

The ESR release candence changed from every 7 Firefox releases to 8.

Also, move strcmp() instead #ifdef DEBUG because it does nothing in release builds.

Comment 2

[Chris Peterson [:cpeterson]]

Attachment: Bug 1511763 - Part 2: Make GetSpoofedUserAgent() infallible. r?tjr

Depends on D13657

Comment 3

[Chris Peterson [:cpeterson]]

(In reply to Chris Peterson [:cpeterson] from comment #1)
> The ESR release cadence changed from every 7 Firefox releases to 8.

Note that I'm still waiting to hear back from the Release Management team whether the ESR cadence has officially changed.

Comment 4

[Chris Peterson [:cpeterson]]

(In reply to Chris Peterson [:cpeterson] from comment #3)
> Note that I'm still waiting to hear back from the Release Management team
> whether the ESR cadence has officially changed.

Mike Kaply said he will have an answer for me about the ESR cadence next week.

65=wontfix because I won't land these patches until I hear from him, which will likely be after Nightly 66 starts on 2018-12-10.

Comment 5

[Chris Peterson [:cpeterson]]

Mike Kaply confirmed that the next ESR will be version 68 (as currently documented on the Release Calendar wiki [1]) but subsequent ESR versions will be chosen when the time comes.

So we will need this patch in Firefox 68+ so resistFingerprinting will correctly spoof ESR version 68 (instead of 67), but this code may need to be updated with ESR 75 or 76 comes around in 2020. :)

I will land these r+'d patches when 68 Nightly starts on 2019-03-11.

[1] https://wiki.mozilla.org/Release_Management/Calendar#Future_branch_dates

Comment 6

[Thorin [:thorin]]

(In reply to Chris Peterson [:cpeterson] from comment #5)
> I will land these r+'d patches when 68 Nightly starts on 2019-03-11.

Unless I'm missing something, don't you need to land this in 67 Nightly. In other words, I think this needs be actioned *before* the algorithm outputs 67 (imagine Tor Browser based on ESR60.7 suddenly claiming to be 67 - they'd have to patch it back to 60) because leaving it until 68 creates a third number across releases that increases entropy.

Comment 7

[Ethan Tseng [:ethan]]

This bug is critical to Tor Browser. Let's set it as P2.

Chris, thank you for doing this!

Comment 8

[Chris Peterson [:cpeterson]]

(In reply to Simon Mainey from comment #6)
> Unless I'm missing something, don't you need to land this in 67 Nightly. In
> other words, I think this needs be actioned *before* the algorithm outputs
> 67 (imagine Tor Browser based on ESR60.7 suddenly claiming to be 67 - they'd
> have to patch it back to 60) because leaving it until 68 creates a third
> number across releases that increases entropy.

Thanks! I think you're right. This patch won't land in the ESR 60.x branch, so Tor >= 60.7 will continue to claim it's version 60 until it moves to ESR 68.

Without this patch, Firefox 67 with resistFingerprinting will spoof version 67 (using the formula 67-(67-4)%7) while Tor >= 60.7 will still spoof 60. Landing this patch in Firefox 67 will make 67 spoof version 60 (using the formula 67-(67-4)%8) and 68 spoof 68, just like Tor 68.

Comment 9

[Chris Peterson [:cpeterson]]

67 Nightly starts on 2019-01-28.

Comment 10

[Viktor Jägersküpper]

(In reply to Chris Peterson [:cpeterson] from comment #9)

67 Nightly starts on 2019-01-28.

Can you land the patches now?

Comment 11

[Chris Peterson [:cpeterson]]

Tom, do you mind re-reviewing my ESR version spoofing changes here?

You r+'d my changes based in December, but I had to fix some merge conflicts (from your "Spoof OS in HTTP User-Agent header" bug 1509829) when rebasing.

I also wanted to confirm whether Firefox 67 is the correct release cycle to land these changes.

Comment 12

[Thorin [:thorin]]

I also wanted to confirm whether Firefox 67 is the correct release cycle to land these changes.

ESR/Tor Browser are not affected. We were over-thinking it earlier. 67 is the minimum version to add this code, because if you don't change it now, you'll have to backport to 67 beta, as 67 without changes will report 67, and not the desired 60. In hindsight, we could have landed this patch months ago as the changes only affect 67+.

Comment 13

[Thorin [:thorin]]

67 is the minimum version

I think I need some coffee. 67 is the last chance (or maximum) version

Comment 14

[Tom Ritter [:tjr]]

r+ and yup; we want to land this in 67.

Comment 15

[Pulsebot]

Pushed by cpeterson@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/8202aff2027a
Part 1: Fix spoofed ESR version calculation for Firefox 52+. r=tjr
https://hg.mozilla.org/integration/mozilla-inbound/rev/58207eeb2afa
Part 2: Make GetSpoofedUserAgent() infallible. r=tjr

Comment 16

[Oana Pop-Rus]

https://hg.mozilla.org/mozilla-central/rev/8202aff2027a
https://hg.mozilla.org/mozilla-central/rev/58207eeb2afa