
[Bug 23614] New: accessKeyLabel can expose new information about the user and possibly also other origins

From: <bugzilla@jessica.w3.org>
Date: Wed, 23 Oct 2013 20:05:12 +0000
To: public-html-bugzilla@w3.org
Message-ID: <bug-23614-2486@http.www.w3.org/Bugs/Public/>
https://www.w3.org/Bugs/Public/show_bug.cgi?id=23614

            Bug ID: 23614
           Summary: accessKeyLabel can expose new information about the
                    user and possibly also other origins
           Product: HTML.next
           Version: unspecified
          Hardware: PC
                OS: All
            Status: NEW
          Keywords: a11y, a11ytf, a11y_focus
          Severity: normal
          Priority: P2
         Component: default
          Assignee: chaals@yandex-team.ru
          Reporter: mark@w3.org
        QA Contact: public-html-bugzilla@w3.org
                CC: ayg@aryeh.name, cooper@w3.org, ian@hixie.ch,
                    laura.lee.carlson@gmail.com, mike@w3.org,
                    mounir@lamouri.fr, public-html-a11y@w3.org,
                    public-html-admin@w3.org,
                    public-html-wg-issue-tracking@w3.org, robin@w3.org,
                    simonp@opera.com
        Depends on: 23613, 10888, 10994

+++ This bug was initially created as a clone of Bug #10994 +++

Since accesskeys are chosen depending on the user's platform and available keys
and available key bindings in the browser/OS, accessKeyLabel exposes that
information about the user, which was not possible before, i.e. it increases
fingerprinting.

Moreover, if a browser considers accesskeys from cross-origin iframes when
assigning a key, accessKeyLabel exposes information about the cross-origin
iframed document (if it uses accesskeys) which was not possible before, e.g. it
might be possible to tell if the user is logged in on the other site.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
Received on Wednesday, 23 October 2013 20:05:16 UTC
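
The two exposures described in the report, as a small model added here (it is not part of the original message and not any browser's actual key-assignment algorithm). The modifier table, origins, element ids and the `shareAcrossOrigins` switch are assumptions made for illustration; the isolated mode shows the per-origin scoping that removes the cross-origin signal.

```javascript
// Toy model of a user agent assigning access keys (assumed, not a real browser's logic).
// Each element lists candidate keys; the UA picks the first one not already taken.
const PLATFORM_MODIFIER = { mac: "Ctrl+Alt+", windows: "Alt+", linux: "Alt+Shift+" }; // constructed

function assignLabels(docs, { platform, reservedKeys, shareAcrossOrigins }) {
  const takenByScope = new Map(); // scope -> Set of keys already in use
  const labels = {};
  for (const doc of docs) {
    // Leaky mode: one key pool for the whole tab. Isolated mode: one pool per origin.
    const scope = shareAcrossOrigins ? "tab" : doc.origin;
    if (!takenByScope.has(scope)) takenByScope.set(scope, new Set(reservedKeys));
    const taken = takenByScope.get(scope);
    for (const el of doc.elements) {
      const key = el.candidates.find((k) => !taken.has(k));
      if (key !== undefined) taken.add(key);
      // Empty string models "no key assigned", which is what accessKeyLabel returns then.
      labels[`${doc.origin}#${el.id}`] =
        key === undefined ? "" : PLATFORM_MODIFIER[platform] + key.toUpperCase();
    }
  }
  return labels;
}

// What the embedding page (origin A) reads for its own element, given what the
// cross-origin frame (origin B) renders. Origins and ids are constructed.
function labelSeenByEmbedder(frameElements, options) {
  const docs = [
    { origin: "https://b.example", elements: frameElements }, // assumed to be processed first
    { origin: "https://a.example", elements: [{ id: "search", candidates: ["s", "x"] }] },
  ];
  return assignLabels(docs, options)["https://a.example#search"];
}

// Constructed frame contents: the logged-in view uses accesskey "s", the logged-out one "l".
const loggedOut = [{ id: "login", candidates: ["l"] }];
const loggedIn = [{ id: "settings", candidates: ["s"] }];
const base = { platform: "windows", reservedKeys: ["d", "f"] };

for (const shareAcrossOrigins of [true, false]) {
  const opts = { ...base, shareAcrossOrigins };
  const out = labelSeenByEmbedder(loggedOut, opts);
  const inn = labelSeenByEmbedder(loggedIn, opts);
  console.log(`shared pool=${shareAcrossOrigins}: logged-out "${out}", logged-in "${inn}",`,
    out === inn ? "no cross-origin signal" : "label depends on frame state");
}
```

Even in the isolated mode the label still varies with `platform` and `reservedKeys`, which is the fingerprinting exposure from the first paragraph of the report.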
