#48 Inconsistencies when FPD logs calls from an iframe element
Opened 8 months ago by xsalon00. Modified 8 months ago

Just found out there is a bug within the extension that hinders FPD precision. I think it's NSCL related because it was introduced during transition between versions 0.6.2 and 0.6.3.
Specifically:
* Make sure that dynamically created iframes are not vulnerable to leaking unwrapped APIs (Update NSCL)

Description:
- The bug doubles the total number of calls for every wrapped endpoint accessed through the iframe element.
- The bug somehow causing to call other endpoints when wrapped endpoint is accessed through the iframe element.

Steps to reproduce:
- Visit: https://www.fit.vutbr.cz/~polcak/jsr/fpd/count.html with FPD turned on
- The page access "navigator.vendorSub" three times through the iframe element
- FPD logged the total of 6 accesses to "navigator.vendorSub" in addition to other endpoints
(see fpDb object using background console of the extension)

Expected (pre 0.6.3):
062.jpg

Actual (post 0.6.3):
063.jpg


Login to comment on this ticket.

Metadata
Attachments 2
Attached 8 months ago View Comment
Attached 8 months ago View Comment