755284
|
|
Fingerprintable information in update behavior
|
Toolkit
|
Application Update
|
nobody
|
UNCO
|
---
|
2022-12-19
|
379803
|
|
Give content policies information about user initiated action
|
Core
|
DOM: Security
|
nobody
|
UNCO
|
---
|
2023-12-08
|
1041818
|
|
take steps to mitigate canvas fingerprinting
|
Core
|
Graphics
|
nobody
|
NEW
|
---
|
2023-10-02
|
724179
|
|
Gecko sends cookies and HTTP auth credentials in mixed-content requests
|
Core
|
DOM: Security
|
nobody
|
NEW
|
---
|
2022-10-10
|
1233846
|
|
WebSpeech Synthesis API mustn't allow fingerprinting
|
Core
|
Web Speech
|
nobody
|
NEW
|
---
|
2023-10-02
|
1283320
|
|
Make History aware of userContextId
|
Core
|
DOM: Security
|
nobody
|
NEW
|
---
|
Tue 10:16
|
1297973
|
|
Design UX for presenting userContextId in History UI
|
Core
|
DOM: Security
|
nobody
|
NEW
|
---
|
2022-03-23
|
1315203
|
|
XSHM: Cross Site History Manipulation (information leakage)
|
Core
|
DOM: Navigation
|
nobody
|
NEW
|
---
|
2024-01-01
|
1325874
|
|
Consider seperating page content history for userContextId
|
Core
|
DOM: Security
|
nobody
|
NEW
|
---
|
2022-10-11
|
1336208
|
|
Bundle and whitelist fonts when privacy.resistFingerprinting = true
|
Core
|
Graphics: Text
|
nobody
|
NEW
|
---
|
2024-02-20
|
1302597
|
|
Design UX for presenting userContextId in Awesomebar result
|
Core
|
DOM: Security
|
nobody
|
NEW
|
---
|
2022-10-11
|
572650
|
|
[meta] Reduce the amount of data and entropy sent out in HTTP requests
|
Core
|
Networking: HTTP
|
nobody
|
NEW
|
---
|
2024-03-10
|
566434
|
|
Warn users when user agent isn't default and offer to reset
|
Firefox
|
General
|
nobody
|
NEW
|
---
|
2022-10-10
|
1314443
|
|
Audit the existing disable WebRTC preferences and ensure they work as advertised
|
Core
|
WebRTC
|
tom
|
ASSI
|
---
|
2022-10-11
|
1333933
|
|
Disable/spoof fingerprintable features when privacy.resistFingerprinting = true
|
Core
|
General
|
arthuredelstein
|
RESO
|
FIXE
|
2018-08-22
|
967895
|
|
Prompt (w/ Site Permission) before allowing content to extract canvas data (Tor 6253)
|
Core
|
Graphics: Canvas2D
|
chungshengfu
|
RESO
|
FIXE
|
2021-10-19
|
1039069
|
|
Warn the user that customizing the preferred language list (Accept-Language) can be used for fingerprinting
|
Firefox
|
Settings UI
|
chungshengfu
|
RESO
|
FIXE
|
2018-12-18
|
1217290
|
|
Add fingerprinting resistance for WebGL (Tor 16005)
|
Core
|
Graphics: CanvasWebG
|
chungshengfu
|
RESO
|
FIXE
|
2022-07-07
|
1330876
|
|
use properly contrasting colors if the desktop theme specifies white on black for text colors [tor 6786]
|
Core
|
Graphics: Color Mana
|
chungshengfu
|
RESO
|
FIXE
|
2018-08-22
|
1337161
|
|
Disable navigator.getGamepads() when privacy.resistFingerprinting = true
|
Core
|
DOM: Device Interfac
|
chungshengfu
|
RESO
|
FIXE
|
2022-07-07
|
1330892
|
|
<isindex> leaks user locale
|
Core
|
DOM: HTML Parser
|
nobody
|
RESO
|
FIXE
|
2017-08-15
|
1217238
|
|
Reduce precision of time exposed by Javascript (Tor 1517)
|
Core
|
JavaScript: Standard
|
pohsianghao
|
RESO
|
FIXE
|
2018-08-18
|
1222285
|
|
Keyboard layout is leaked by KeyboardEvent
|
Core
|
DOM: UI Events & Foc
|
tihuang
|
RESO
|
FIXE
|
2024-04-14
|
1333641
|
|
Disable WebSpeech API when privacy.resistFingerprinting is enabled
|
Core
|
Web Speech
|
tihuang
|
RESO
|
FIXE
|
2022-07-07
|
1333651
|
|
Spoofing Navigator API when resisting fingerprinting is enabled
|
Core
|
DOM: Security
|
tihuang
|
RESO
|
FIXE
|
2022-07-07
|
1330890
|
|
Use UTC timezone when privacy.resistFingerprinting = true [tor 16622]
|
Core
|
General
|
tom
|
RESO
|
FIXE
|
2023-03-13
|
1266495
|
|
Consider removing <isindex> from the parser and form submission [tor 18914]
|
Core
|
DOM: HTML Parser
|
hsivonen
|
RESO
|
FIXE
|
2017-08-07
|
820213
|
|
Can't load content from "data" directory into an iframe
|
Add-on SDK Graveyard
|
General
|
nobody
|
RESO
|
INCO
|
2017-09-13
|
680300
|
|
Restrict discoverability of protocol handlers [Tor 1623]
|
Core
|
Networking
|
tihuang
|
RESO
|
FIXE
|
2024-03-11
|
1337157
|
|
privacy.resistFingerprinting should disable WEBGL_debug_renderer_info
|
Core
|
Graphics: CanvasWebG
|
tom
|
RESO
|
FIXE
|
2020-11-28
|
583181
|
|
Don't reveal navigator.buildID to every site on the web
|
Core
|
DOM: Core & HTML
|
cpeterson
|
RESO
|
FIXE
|
2022-07-07
|
724182
|
|
Gecko sends cookies and HTTP auth credentials in cross-domain requests to an unrelated domain for images and scripts that haven't been approved by CORS
|
Core
|
DOM: Security
|
nobody
|
RESO
|
WONT
|
2019-04-23
|
732096
|
|
Add a preference to prevent local font enumeration
|
Core
|
Layout
|
nobody
|
RESO
|
DUPL
|
2022-07-07
|
779197
|
|
Use a protocol not accessible from content
|
Add-on SDK Graveyard
|
General
|
nobody
|
RESO
|
WORK
|
2018-01-26
|
1090433
|
|
Possible to track users visits to servers with particular HSTS configurations
|
Core
|
Networking
|
nobody
|
RESO
|
DUPL
|
2017-10-16
|
1314448
|
|
Create a build target that adds --disable-webrtc to the mozconfig
|
Release Engineering
|
General
|
nobody
|
RESO
|
FIXE
|
2018-11-16
|
728952
|
|
Don't expose the SeaMonkey/Firefox patch level (2.10.Y/13.X.Y) in the UA string, only show the major version (2.10/13.X)
|
SeaMonkey
|
General
|
nobody
|
RESO
|
DUPL
|
2018-11-16
|
1308340
|
|
checkbox in about:preferences#privacy for privacy.resistFingerprinting (Tor 20244.1)
|
Firefox
|
Settings UI
|
arthuredelstein
|
RESO
|
WONT
|
2022-12-11
|
1356181
|
|
Gather telemetry for isindex usage
|
Core
|
DOM: Core & HTML
|
hsivonen
|
RESO
|
FIXE
|
2019-03-13
|
811582
|
|
window JS object provides a large amount of identifiable information
|
Core
|
DOM: Core & HTML
|
nobody
|
RESO
|
DUPL
|
2019-03-13
|
903959
|
|
custom resource://foo/ allows fingerprinting addons
|
Core
|
Security
|
nobody
|
RESO
|
DUPL
|
2017-08-30
|
863246
|
|
resource:// URIs leak information (Tor 8725)
|
Core
|
Security
|
chungshengfu
|
VERI
|
FIXE
|
2018-11-23
|
167475
|
|
[URL] Disable external and returning no data protocol handlers in all cases, excluding <A HREF=>
|
Core
|
DOM: Navigation
|
amarchesini
|
VERI
|
FIXE
|
2020-12-03
|