#48 Inconsistencies when FPD logs calls from an iframe element
Opened 2 years ago by xsalon00. Modified 2 years ago

Just found out there is a bug within the extension that hinders FPD precision. I think it's NSCL related because it was introduced during transition between versions 0.6.2 and 0.6.3.
* Make sure that dynamically created iframes are not vulnerable to leaking unwrapped APIs (Update NSCL)

- The bug doubles the total number of calls for every wrapped endpoint accessed through the iframe element.
- The bug somehow causing to call other endpoints when wrapped endpoint is accessed through the iframe element.

Steps to reproduce:
- Visit: https://www.fit.vutbr.cz/~polcak/jsr/fpd/count.html with FPD turned on
- The page access "navigator.vendorSub" three times through the iframe element
- FPD logged the total of 6 accesses to "navigator.vendorSub" in addition to other endpoints
(see fpDb object using background console of the extension)

Expected (pre 0.6.3):

Actual (post 0.6.3):

Login to comment on this ticket.

Attachments 2
Attached 2 years ago View Comment
Attached 2 years ago View Comment