1564798 - Embedded iframes in Private Browsing windows leak history into non-private windows

Status: RESOLVED DUPLICATE of bug 1561028

(Firefox :: Private Browsing, defect)

Description

[Emmy]

Attachment: bug.html

STR:

1. Open a Private Browsing window
2. Visit a website with an embedded iframe (I've noticed the issue with Disqus comment sections and embedded YouTube videos)
3. Exit Private Browsing

The URL specified in the src attribute will be added to non-private history, and can be viewed after all PB windows have been closed. This implies that other data (cookies, storage, etc.) may be leaking as well, but I don't know for sure.

Comment 1

[Johann Hofmann [:johannh]]

I can't reproduce this in Nightly on a fresh profile, and I would be quite surprised if this was true.

Did you try this in a fresh profile? Do you have any extensions installed that could be causing this?

Comment 2

[(no longer active)]

For future reference, this is where we prevent adding history entries for private browsing visits: https://searchfox.org/mozilla-central/rev/40ef22080910c2e2c27d9e2120642376b1d8b8b2/docshell/base/nsDocShell.cpp#12080

Comment 3

[Emmy]

It looks like this bug only happens when Fission is enabled. After disabling it and trying bug.html again, the problem doesn't occur.

Comment 4

[(no longer active)]

(In reply to Emmy from comment #3)

It looks like this bug only happens when Fission is enabled. After disabling it and trying bug.html again, the problem doesn't occur.

Yes, that makes perfect sense. The reason is probably this code not working with Fission enabled: https://searchfox.org/mozilla-central/rev/40ef22080910c2e2c27d9e2120642376b1d8b8b2/docshell/base/nsDocShell.cpp#2704

Comment 5

[Vishinko]

Duplicate of https://bugzilla.mozilla.org/show_bug.cgi?id=1561028

Comment 7

[Chris Peterson [:cpeterson]]

Duplicate bug 1561028 is scheduled for Fission M5.