Security/Reviews/Fennec Private Browsing

From MozillaWiki
Jump to: navigation, search
Please use "Edit with form" above to edit this page.

Item Reviewed

Fennec Private Browsing
Target
   
     Full Query    
ID Summary Priority Status
582244 Implement Private Browsing P2 RESOLVED
794502 Tracking bug for platform work required for per-window PB for mobile -- RESOLVED
802251 SecReview: Mobile Private Browsing -- RESOLVED

3 Total; 0 Open (0%); 3 Resolved (100%); 0 Verified (0%);

The given value "
   
     Full Query    
ID Summary Priority Status
582244 Implement Private Browsing P2 RESOLVED
794502 Tracking bug for platform work required for per-window PB for mobile -- RESOLVED
802251 SecReview: Mobile Private Browsing -- RESOLVED

3 Total; 0 Open (0%); 3 Resolved (100%); 0 Verified (0%);

" contains strip markers and therefore it cannot be parsed sufficiently.

Introduce the Feature

Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)

  • port same private browsing features we have on desktop to our mobile platform
    • this is a per tab attribute
  • Most of the outstanding work is the platform bugs referenced in pb - the exception is the new tab issue (801646).

What solutions/approaches were considered other than the proposed solution?

  • parity with desktop

Why was this solution chosen?

`

Any security threats already considered in the design and why?

`

Threat Brainstorming

  • a new tab from private tab
    • does not remain private, this is a bug to be fixed (bug 801646)
  • how is UI different from desktop UI ? (it's per window for a start)
  • UI Mockups for tabs? Currently the tab turns purple..
  • test coverage - would like to reuse desktop tests if possible, ones in /browser will need fennec versions
  • identify places where things are written to disk - then determine how they should be handled in private browsing mode
    • for example, adding to the reading list - this is user initiated and maybe should be allowed to be done in pb mode etc ?
  • session restore / OOM killing - fennec can be killed in a low memory situation at any time, and then can be reloaded - we would in that case want to restore PB tabs too
    • We want to include PB tabs on OOM restore
    • don't want to do this in session store - put it in the Android bundle instead (but does this get written to disk ?)
    • chrome does restore private browsing tabs when they're relaunched after an OOM
  • addons - need to make sure they don't have access to anything that's temporarily persisted
    • Currently they will - see the Java / addons bug - 799631 and referenced (review to follow).
  • Property "SecReview feature goal" (as page type) with input value "* port same private browsing features we have on desktop to our mobile platform
      • this is a per tab attribute
    • Most of the outstanding work is the platform bugs referenced in pb - the exception is the new tab issue (801646)." contains invalid characters or is incomplete and therefore can cause unexpected results during a query or annotation process.
    • Property "SecReview threat brainstorming" (as page type) with input value "* a new tab from private tab
      • does not remain private, this is a bug to be fixed (bug 801646)
    • how is UI different from desktop UI ? (it's per window for a start)
    • UI Mockups for tabs? Currently the tab turns purple..
    • test coverage - would like to reuse desktop tests if possible, ones in /browser will need fennec versions
    • identify places where things are written to disk - then determine how they should be handled in private browsing mode
      • for example, adding to the reading list - this is user initiated and maybe should be allowed to be done in pb mode etc ?
    • session restore / OOM killing - fennec can be killed in a low memory situation at any time, and then can be reloaded - we would in that case want to restore PB tabs too
      • We want to include PB tabs on OOM restore
      • don't want to do this in session store - put it in the Android bundle instead (but does this get written to disk ?)
      • chrome does restore private browsing tabs when they're relaunched after an OOM
    • addons - need to make sure they don't have access to anything that's temporarily persisted
      • Currently they will - see the Java / addons bug - 799631 and referenced (review to follow)." contains invalid characters or is incomplete and therefore can cause unexpected results during a query or annotation process.

Action Items

Action Item Status In Progress
Release Target `
Action Items
   
     Full Query    
ID Summary Priority Status
804596 Places where PB stops writes happening -- RESOLVED
804597 PB Test coverage -- RESOLVED

2 Total; 0 Open (0%); 2 Resolved (100%); 0 Verified (0%);

The given value "
   
     Full Query    
ID Summary Priority Status
804596 Places where PB stops writes happening -- RESOLVED
804597 PB Test coverage -- RESOLVED

2 Total; 0 Open (0%); 2 Resolved (100%); 0 Verified (0%);

" contains strip markers and therefore it cannot be parsed sufficiently.