I propose the following changes to the UA-string:
Bug 55366
The language part currently shows the language of the used chrome
localization. The HTTP explicitly discourages revealing the UI language
to the site. I suggest to always return "en".
We have the Accept-Language HTTP header, which is the official way and
which can be customized by the user.
Later, we could use that pref to determine which language to report in
the UA-string, but I don't know of pages which use the value in the
UA-string or the JavaScript-function, so that is not high on my priority
list.
Bug 57555
Currently, we reveal the exact version number (up to the build number on
newer OSes) of Windows. That allows for targetted attacks to exploit the
known security holes of the particular OS version. I don't see a reason
why I site would *need* to know that, at least non that would justify
the risk for the user. Thus, I have a patch to return on of 3 values:
* "WinNT" for Windows NT 3.x, 4.0, W2K, Windows XP etc.
* "Win9x" for Win95, 98, ME
* "Win" as fallback
Unix and BeOS is already fixed. Mac unknown.
