Package: mozilla-firefox
Version: 1.0.4-2
Severity: normal

what should be in user-agent? imho it is beyond its scope to reveal linux distribution and package version. they are not necessary for servers to support the operation of the browser. if there has been discussion before, i still think it should be in the bts.

relatively few people use debian and a particular package version, so the information thus contained is far higher than if such details are not included. this allows an attacker to identify a user with high probability. identity theft and other malicious data collection are real problems that are exacerbated by an uncommon user agent string that contains information unnecessary to the operation of the browser. there are, of course, other privacy issues. this is just one.

imagine that a particular package version or debian itself is temporarily insecure, even if the ff version is not. every click now advertises that.

the user can change the string, but imho it is important to have the default be considered carefully. perhaps the person who customized user agent has carefully thought of these issues and, for whatever reason, doesn't think of them as a problem. but because many people *do* think of them as a problem, i would like for this bug report to continue to exist, even if the maintainer disagrees that it is a problem, for open discussion. thanks.

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.11--from-2.6.9-proc-config-and-menuconfig
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages mozilla-firefox depends on:
ii  debianutils     2.8.4             Miscellaneous utilities specific t
ii  fontconfig      2.3.1-2           generic font configuration library
ii  libatk1.0-0     1.8.0-4           The ATK accessibility toolkit
ii  libc6           2.3.2.ds1-22      GNU C Library: Shared libraries an
ii  libfontconfig1  2.3.1-2           generic font configuration library
ii  libfreetype6    2.1.7-2.4         FreeType 2 font engine, shared lib
ii  libgcc1         1:3.4.3-13        GCC support library
ii  libglib2.0-0    2.6.4-1           The GLib library of C routines
ii  libgtk2.0-0     2.6.4-3           The GTK+ graphical user interface
ii  libidl0         0.8.5-1           library for parsing CORBA IDL file
ii  libjpeg62       6b-10             The Independent JPEG Group's JPEG
ii  libkrb53        1.3.6-2           MIT Kerberos runtime libraries
hi  libpango1.0-0   1.8.1-1           Layout and rendering of internatio
ii  libpng12-0      1.2.8rel-1        PNG library - runtime
ii  libstdc++5      1:3.3.5-13        The GNU Standard C++ Library v3
ii  libx11-6        4.3.0.dfsg.1-14   X Window System protocol client li
ii  libxext6        4.3.0.dfsg.1-14   X Window System miscellaneous exte
ii  libxft2         2.1.7-1           FreeType-based font drawing librar
ii  libxp6          4.3.0.dfsg.1-14   X Window System printing extension
ii  libxt6          4.3.0.dfsg.1-14   X Toolkit Intrinsics
ii  psmisc          21.5-1            Utilities that use the proc filesy
ii  xlibs           4.3.0.dfsg.1-14   X Keyboard Extension (XKB) configu
ii  zlib1g          1:1.2.2-4         compression library - runtime

-- debconf-show failed
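
Added example, not part of the original report: a way to measure the concern raised above, by comparing how identifying a User-Agent is with and without a trailing distribution/package comment. The User-Agent strings, the "(Debian package ...)" comment format and the visitor counts are constructed assumptions; only the package version 1.0.4-2 comes from the report.

```python
import math
import re
from collections import Counter

# Constructed sample of User-Agent headers as a server might log them.
# Only the package version 1.0.4-2 comes from the report; the rest is invented.
BASE = "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050517 Firefox/1.0.4"
WIN = "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4"
SAMPLE_LOG = (
    [BASE] * 5
    + [BASE + " (Debian package 1.0.4-2)"]
    + [BASE + " (Debian package 1.0.4-1)"] * 2
    + [WIN] * 8
)

# Trailing parenthesised comment after the Firefox/<version> product token
# (assumed format for the distribution comment).
VENDOR_COMMENT = re.compile(r"(Firefox/[\d.]+)\s+\([^)]*\)\s*$")


def strip_vendor_comment(ua):
    """Drop the distribution/package comment, keep the browser token."""
    return VENDOR_COMMENT.sub(r"\1", ua)


def anonymity_set(ua, population):
    """Number of visitors indistinguishable from this one by UA alone."""
    return Counter(population)[ua]


def surprisal_bits(ua, population):
    """Identifying information in bits: -log2(share of visitors with this UA)."""
    n = anonymity_set(ua, population)
    if n == 0:
        raise ValueError("user agent not present in population")
    return -math.log2(n / len(population))


def compare(ua, population):
    """Measure one visitor before and after all visitors drop the comment."""
    stripped_pop = [strip_vendor_comment(u) for u in population]
    stripped = strip_vendor_comment(ua)
    return {
        "set_with_comment": anonymity_set(ua, population),
        "bits_with_comment": surprisal_bits(ua, population),
        "set_without_comment": anonymity_set(stripped, stripped_pop),
        "bits_without_comment": surprisal_bits(stripped, stripped_pop),
    }


if __name__ == "__main__":
    print(compare(BASE + " (Debian package 1.0.4-2)", SAMPLE_LOG))
```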

