current session history info visible from menu at chrome:// url

[jsamuel]

imported trac ticket
created: 2009-09-15 08:48:04
reporter: justin

!RequestPolicy has to keep data around about blocked and allowed requests in order to display the menu. However, it shouldn't be easy for someone sitting down at an existing browser session to view internal data structures. That is, we can't hide the data from browser data inspection tools, extension development utilities, process debugging tools, memory dumping, etc., but we should at least keep less savvy users from sitting down at an open firefox session and viewing information about browsing history that may not be otherwise available due to history saving being disabled, etc.

Aerik Knapp-Loomis has discovered that using the url chrome://browser/content/browser.xul and then clicking on the !RequestPolicy menu shows a list of visited domain names during the current session.

I don't consider this to be a major issue as plenty of other information from firefox is available to someone sitting at someone else's logged in system. This particular case should be fixed, though.

[jsamuel]

imported trac comment
created: 2009-09-20 16:01:00
author: justin

Fixed in r275.

[jsamuel]

imported trac comment
created: 2009-10-03 21:37:54
author: justin

Different fix applied in r289. Reverted the changes of r275.