Security/Fusion/Dashboard/First Party Isolation

From MozillaWiki
Jump to: navigation, search

Bug Tracking

First Party Isolation bugs are tracked under the meta bug:
bug 1299996 - [META] Support Tor first-party isolation

Open P1 Bugs (We are actively working on them)

No results.

0 Total; 0 Open (0%); 0 Resolved (0%); 0 Verified (0%);


Open P2 Bugs (Important. We will work on them ASAP)

Full Query
ID Summary Priority Status Assigned to Whiteboard
1676104 Make WebRequest and GeckoWebExecutor First-Party aware P2 NEW [tor 40171] [geckoview:2023?]

1 Total; 1 Open (100%); 0 Resolved (0%); 0 Verified (0%);


P3-P5 Bugs (Backlog)

Full Query
ID Summary Priority Status Assigned to Whiteboard
1315205 [META] QA bugs of First Party Isolation P3 NEW [tor][domsecurity-meta]
1319346 WebChannel not isolated by originAttributes P3 REOPENED [domsecurity-backlog2][OA][userContextId][tor]
1337868 Add Origin Attribute connection isolation tests for HTTP2, TLS, and WebSockets P3 NEW [OA-testing][tor-testing][domsecurity-backlog1]
1357346 [META] QA bugs of First Party Isolation on Fennec P3 NEW [tor][domsecurity-meta]
1371651 about:cache does not show entries when `privacy.firstparty.isolate` is set to `true` P3 NEW [tor 22451][necko-backlog][dfpi-ok]
1398414 Key :visited per origin (first-party-isolation / partitioning for :visited). P3 NEW [tor]
1556212 Per-Domain Cookie Permissions are broken with FPI enabled P3 NEW [domsecurity-backlog1]
1583891 When FPI is enabled, about:debugging does not list Service Workers that have a firstPartyDomain attribute P3 NEW [dfpi-ok]
1630869 Consider changing the key of FPI to site (i.e., include the URL scheme) P3 NEW [domsecurity-backlog1]
1321158 Investigate if window.open() inheriting firstPartyDomain resolves breakage P5 NEW [tor][domsecurity-backlog1]
1495204 [pdf.js] Lots of errors "system principal mismatch" with privacy.firstparty.isolate=true P5 NEW [tor][pdfjs-network]
1628783 Make FPI affect keying of docgroup P5 NEW [domsecurity-backlog1]
1475811 Entering URLs in address bar violates FPI P5 NEW Pier Angelo Vendrame [tor 26353][dfpi-ok]

13 Total; 13 Open (100%); 0 Resolved (0%); 0 Verified (0%);


Closed Bugs

Full Query
ID Summary Priority Resolution Assigned to Whiteboard
1260931 Add 1st party isolation pref and OriginAttribute. P1 FIXED Yoshi Cheng-Hao Huang [:allstars.chh][:allstarschh][:yoshi] [tor], [domsecurity-active][ETA 9/12][tor 13742]
1317927 Media caching needs to use origin attributes P1 FIXED Andrea Marchesini [:baku] [OA][tor][domsecurity-active]
1312541 Test first-party isolation of cookies P1 FIXED Arthur Edelstein [:arthur] [tor][domsecurity-active]
1268726 isolate shared worker by first party domain (Tor 15564) P1 FIXED Dave Huseby [:huseby] [tor][domsecurity-active][ETA 10/10][OA]
1270680 image cache should respect originAttributes P1 FIXED Jonathan Hao (inactive) [:jhao] [OA][userContextId][domsecurity-active][tor]
1312794 Annotate OCSP requests by first party domain. (Tor 13670.2) P1 FIXED Jonathan Hao (inactive) [:jhao] [tor][domsecurity-active]
1115712 make DataStorage for HPKP and HSTS enumerable via xpcom P1 FIXED Jonathan Hao (inactive) [:jhao] [psm-assigned]
1301523 Add a test that checks HTTP auth is isolated by first party domain (Tor 13900) P1 FIXED Jonathan Hao (inactive) [:jhao] [tor-testing][OA-testing][necko-next]
1264562 Isolate OCSP cache by first party domain. (Tor 13670.2) P1 FIXED Jonathan Hao (inactive) [:jhao] [tor][tor-testing][OA-testing][domsecurity-active][ETA 11/7]
1334693 Investigate and isolate SPDY/HTTP2 state by first-party domain when privacy.firstparty.isolate = true P1 FIXED Jonathan Hao (inactive) [:jhao] [tor][necko-would-take][OA]
1316283 Isolate SSL session cache by origin attributes P1 FIXED Jonathan Hao (inactive) [:jhao] [OA][tor]
1264595 test isolation by mediaSource URI by first party domain (Tor 15703) P1 FIXED Jonathan Hao (inactive) [:jhao] [tor-testing][OA-testing][domsecurity-backlog1]
1334690 Isolate AlternateService mappings by Origin Attributes P1 FIXED Jonathan Hao (inactive) [:jhao] [tor][necko-would-take][OA]
1264577 Tests for first-party isolation of cache (Tor 13749) P1 FIXED Tim Huang[:timhuang] [tor-testing][OA-testing][domsecurity-backlog1][ETA 10/10]
1304219 Ensure link rel=preconnect requests are isolated by origin attributes (Tor 16998) P1 FIXED Tim Huang[:timhuang] [tor-testing][necko-backlog][OA-testing]
1277803 Make the loading of favicon through the XUL:image uses the correct originAttributes P1 FIXED Tim Huang[:timhuang] [OA][userContextId][domsecurity-active][tor][tor 13670.1]
1289319 Add a test framework for the first party isolation tests. P1 FIXED Tim Huang[:timhuang] [tor-testing][OA-testing][domsecurity-active]
1264571 Add a test case of isolating Broadcast Channels for first party. (Tor 16300) P1 FIXED Tim Huang[:timhuang] [tor-testing][domsecurity-active][ETA 10/10]
1294866 Make the loading of favicon during SessionRestore use the correct originAttributes P1 FIXED Tim Huang[:timhuang] [OA][domsecurity-active]
1315723 Intermittent browser/components/originattributes/test/browser/browser_cache.js | Test timed out - P1 FIXED Tim Huang[:timhuang] [domsecurity-intermittent][tor][OA]
1312954 Making the network predictor obey originAttributes and updating SpeculativeConnect() to SpeculativeConnect2(). P1 FIXED Tim Huang[:timhuang] [tor] [domsecurity-active][OA]
1473247 Making the firstPartyDomain honors IP addresses P1 FIXED Tim Huang[:timhuang] [domsecurity-active]
1542309 firstPartyDomain not set on top-level domain URLs P2 FIXED Alex Catarineu (Tor Browser dev) [tor 24622][domsecurity-active]
1300671 Set firstPartyDomain for about: pages P2 FIXED Yoshi Cheng-Hao Huang [:allstars.chh][:allstarschh][:yoshi] [tor][domsecurity-active]
1315927 ignore firstPartyDomain and userContextId in PermissionStatus P2 FIXED Yoshi Cheng-Hao Huang [:allstars.chh][:allstarschh][:yoshi] [tor][domsecurity-active]
1344170 set firstPartyDomain for blob: URI P2 FIXED Yoshi Cheng-Hao Huang [:allstars.chh][:allstarschh][:yoshi] [tor][domsecurity-active]
1301649 nits for firstPartyDomain in bug 1260931 P2 FIXED Yoshi Cheng-Hao Huang [:allstars.chh][:allstarschh][:yoshi] [tor], [domsecurity-backlog2]
1264572 Test the Isolate the Image Cache per url bar domain (Tor 13749.2) P2 FIXED Dave Huseby [:huseby] [tor-testing][OA-testing][domsecurity-backlog1][ETA 10/10]
1554805 feed reader WX (Brief) not working with FPI enabled P2 FIXED Johann Hofmann [:johannh] [tor]
1323644 Isolate the HSTS and HPKP cache by first party domain. P2 FIXED Jonathan Hao (inactive) [:jhao] [tor][tor 17965][necko-would-take][OA]
1264573 Regression tests for blob URL isolation (Tor 15502) P2 FIXED Jonathan Hao (inactive) [:jhao] [tor-testing][OA-testing][domsecurity-backlog1][ETA 11/7]
1274020 Add a test to show that the DOM Cache is separated by origin attributes P2 FIXED Jonathan Hao (inactive) [:jhao] [OA-testing][usercontextId][domsecurity-active][tor-testing]
1282655 Add a test case to test whether site permissions are universal or isolated for each type of OriginAttribute P2 FIXED Jonathan Hao (inactive) [:jhao] [OA-testing][userContextId][domsecurity-backlog2][tor-testing]
1264567 Tests for first party isolation of localStorage (Tor 13749.1) P2 FIXED Jonathan Hao (inactive) [:jhao] [tor-testing][OA-testing][domsecurity-active][ETA 10/10]
1311237 Intermittent browser/components/originattributes/test/browser/browser_favicon_firstParty.js | The favicon image should be loaded through network. - Got http-on-examine-cached-response, expected http-on-examine-response, Test timed out, Found a tab P2 FIXED Tim Huang[:timhuang] [OA][domsecurity-intermittent][tor]
444222 window.name can be used as an XSS attack vector P2 FIXED Tim Huang[:timhuang] [tor][tor-standalone][tor 16620][domsecurity-backlog1] , [wptsync upstream]
1264593 test Isolation on SharedWorker by first party domain (Tor 15564) P2 FIXED Tim Huang[:timhuang] [tor-testing][OA-testing][domsecurity-active][ETA 10/10]
1376973 The favicon of tabs dropdown list does not honor originAttributes. P2 FIXED Tim Huang[:timhuang] [tor][tor 22452][OA][userContextId][domsecurity-active]
1330467 When "privacy.firstparty.isolate" is true, double-key permissions to origin + firstPartyDomain P2 FIXED Gary Chen [:xeonchen] [tor 21569][domsecurity-backlog2]
1301406 The cookies of the top-level page are not keyed with firstPartyDomain when first party isolation is turned on in e10s mode. P3 FIXED Yoshi Cheng-Hao Huang [:allstars.chh][:allstarschh][:yoshi] [tor][domsecurity-backlog1]
1300182 Intermittent browser/components/originattributes/test/browser/browser_firstPartyIsolation.js | "KO" == "OK" - P3 FIXED Yoshi Cheng-Hao Huang [:allstars.chh][:allstarschh][:yoshi] [domsecurity-intermittent][tor]
1376971 Isolate Page Info media previews to content first party P3 FIXED Yoshi Cheng-Hao Huang [:allstars.chh][:allstarschh][:yoshi] [tor][tor 22327][OA][userContextId][domsecurity-backlog1]
1381197 browser.cookies fails to get/remove cookies by domain/url when privacy.firstparty.isolate = true P3 FIXED Chung-Sheng Fu [:cfu] [OA]
1384657 Pocket doesn't work with privacy.firstparty.isolate set to true P3 FIXED :Gijs (he/him) [tor][dfpi-ok]
1494327 Allow Popups For This Site is not keyed by OriginAttributes P3 FIXED [tor]
1334485 Tracking using intermediate CA caching P3 FIXED [psm-backlog][tor]
1340949 The Sync "Manage Account" link doesn't work properly with First-Party Isolation P3 FIXED
1303062 Turn on first party isolation tests P3 FIXED Jonathan Hao (inactive) [:jhao] [tor-testing][domsecurity-active]
1301617 test for firstParty and userContextId documents with nsIPermissionManager P3 FIXED Jonathan Hao (inactive) [:jhao] [OA-testing][domsecurity-backlog1][tor-testing]
1492607 Prevent postMessage communication across first-party when restrict_opener_access = true P3 FIXED Tim Huang[:timhuang] [domsecurity-backlog1]
1508355 Add a test to make sure "Save Page As" respect First-Party Isolation P5 FIXED Tim Huang[:timhuang] [tor 22343]
1315602 Remove the assertion of FirstPartyDomain should be empty in HTTP redirect -- FIXED Yoshi Cheng-Hao Huang [:allstars.chh][:allstarschh][:yoshi] [tor][domsecurity-active]
1290529 clear HSTS and HPKP for subdomains as well when bug 1115712 is fixed -- FIXED Jonathan Hao (inactive) [:jhao]
1334468 Crash in mozilla::OriginAttributes::CreateSuffix when entering ',s."' in url bar with privacy.firstparty.isolate=true -- FIXED Jonathan Hao (inactive) [:jhao]
1336867 Remove unsafeProcessHeader and isSecureHost in nsISiteSecurityService -- FIXED Jonathan Hao (inactive) [:jhao]
1506693 PDFJS range-based requests violate FPI -- FIXED richard (Tor Project) [tor 26540]
1337629 Add more restrictions to the host parser -- FIXED Valentin Gosu [:valentin] (he/him) [necko-active]
1645861 Make sure external.AddSearchProvider channels obey FPI P2 INVALID Alex Catarineu (Tor Browser dev) [tor 32414][domsecurity-active]
1405884 Isolate indexedDB by OriginAttributes P3 INVALID [tor]
1319031 Shouldn't propagate origin attributes to the new window in rel="noopener" P3 WONTFIX Yoshi Cheng-Hao Huang [:allstars.chh][:allstarschh][:yoshi] [OA][tor][domsecurity-backlog1]
1300702 Reload page after toggle privacy.firstparty.isolate pref P3 WONTFIX [tor][domsecurity-backlog1][tor-standalone]
1495241 Isolate service workers and DOM cache by first party domain P3 WONTFIX [tor][domsecurity-backlog1]
1312655 checkbox in about:preferences#privacy for privacy.firstparty.isolate (Tor 20244.2) P3 WONTFIX [tor]
1308607 When "privacy.firstparty.isolate" is true, key permissions to first party domain, not origin (Tor 20317) P3 WONTFIX [tor], [domsecurity-backlog]
1264556 Isolate blob URLs to first party; no blobURLs in Web Workers (Tor 15502) P2 DUPLICATE Anthony Miyaguchi [:amiyaguchi] [tor][domsecurity-active][ETA 11/7]
1264574 Isolate cache to URL bar domain (Tor 13742) P2 DUPLICATE Dave Huseby [:huseby] [tor-testing][OA-testing][domsecurity-backlog1][ETA 11/7]
962374 Isolate/Double-key Content Cache to first party URI (Tor 13742) P2 DUPLICATE Dave Huseby [:huseby] [tor][necko-backlog][ETA 11/7]
1264564 Isolate favicon requests by first party (Tor 13670.1) P2 DUPLICATE Tim Huang[:timhuang] [tor][domsecurity-active][ETA 11/7]
744466 Isolate DOM Storage to first party domain (Tor 6564) P2 DUPLICATE Tim Huang[:timhuang] [tor][ETA 10/10][domsecurity-active]
1301530 First-party Isolation breaks Gmail P3 DUPLICATE [tor] [OA] [domsecurity-backlog1]
1301623 evalInSandbox for firstPartyDomain P3 DUPLICATE [tor][domsecurity-backlog1]
1560580 Isolate Font Cache by OriginAttributes P3 DUPLICATE [tor]
1558648 [FirstPartyIsolation] FPI breaks launching a zoom meeting P3 WORKSFORME [tor][domsecurity-backlog1][sci-exclude][dfpi-ok]

73 Total; 73 Open (100%); 0 Resolved (0%); 0 Verified (0%);

Retrieved from "https://wiki.mozilla.org/index.php?title=Security/Fusion/Dashboard/First_Party_Isolation&oldid=1203936"