Warning that some sites may break because of user agent strings when Firefox and Chrome reach their first three-digit version, '100'



As of February 2022, the latest versions of Firefox and Google Chrome are both '97', and in May 2022 both will reach version number '100'. The developers of both browsers warn that this could break websites that try to determine which version of the browser is in use.

Version 100 in Chrome and Firefox - Mozilla Hacks - the Web developer blog
https://hacks.mozilla.org/2022/02/version-100-in-chrome-and-firefox/

Chrome and Firefox soon to reach major version 100
https://web.dev/chrome-firefox-100/





Websites usually do not display different content for each browser, so it does not seem necessary to identify which browser the user is using. However, since the 'standard' of the web is not perfect, there are rare cases where it is necessary to determine which browser the user is using. In such cases, the user agent string is used to identify the browser type and version information.

Since the browser sends the user agent string in the HTTP header, the server is able to identify the browser, but this user agent string can also be accessed from JavaScript, for example through 'Navigator.userAgent'.



However, both Firefox and Chrome are about to reach major version '100'. When version 100 is reached, the version number changes from 2 digits to 3 digits, so websites that read the user agent string using 'Navigator.userAgent' and similar means may break. The same kind of problem occurred 12 years ago, when browser major versions reached '10' and the version number changed from 1 digit to 2 digits.

The problem is that there is no single specification to follow for user agent strings. Since there is no standard specification, the format of the user agent string differs from browser to browser, and each website also performs its own user agent analysis. The Chrome development team pointed out that 'some user agent analysis libraries may be buggy and fail to consider 3-digit version numbers.' According to the development team, most user agent analysis libraries improved their analysis logic when browser version numbers increased from 1 digit to 2 digits, so the move to 3-digit version numbers is not expected to cause problems.

In addition, in preparation for the major version reaching '100', both Firefox and Chrome have repeatedly run experiments to see what happens when a 3-digit number is sent in the user agent string. These experiments turned up some issues, but most of them have already been fixed.



Still, Chrome and Firefox are both preparing mitigations for the release of version number '100'. In Chrome, the measure for version '100' and later is to fix the major version at '99' and report the real major version number in the minor version part of the user agent string, and the dedicated code has already been completed. For example, in Chrome, the user agent string indicating version '101' is displayed as '99.101.4988.0'. The Chrome development team is also investigating whether it is okay to write a three-digit number in the minor version part, and will decide whether to implement this plan depending on the number and importance of the problems.

On the other hand, Firefox has a mechanism called Compatibility/Interventions Releases, so Firefox can hotfix individual sites as needed. You can see what is currently being fixed by typing 'about:compat' in the Firefox URL bar.

If a website breaks and can no longer be viewed in version '100' or later, the problem will be addressed by sending version '99' in the user agent string instead. In addition, if more websites break than expected, the major version number that is sent may be frozen. Firefox is also expected to send the version number as a minor version number, or send the actual version number via other parameters.
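The parsing failures and the version-'99' workarounds described above, as an added JavaScript example that is not code from the article or from either browser project: two common parser bugs beside a parser that handles three-digit versions. The sample strings are constructed, and the function names and the rule for reading Chrome's '99.101.4988.0' format are assumptions made for illustration.

```javascript
// Constructed sample user agent strings (illustrative, not captured traffic).
const PREFIX = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ";
const SAMPLES = {
  chrome99: PREFIX + "Chrome/99.0.0.0 Safari/537.36",
  chrome100: PREFIX + "Chrome/100.0.0.0 Safari/537.36",
  chromeFrozen101: PREFIX + "Chrome/99.101.4988.0 Safari/537.36", // format quoted in the article
  firefox100: "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0",
};

// Bug 1: the pattern assumes exactly two digits, so "100" is read as 10.
function truncatedMajor(ua) {
  const m = /(?:Chrome|Firefox)\/(\d{2})/.exec(ua);
  return m ? Number(m[1]) : null;
}

// Bug 2: the version stays a string, so ">=" compares text and "100" sorts before "99".
function stringCompareSupported(ua, minMajor) {
  const m = /(?:Chrome|Firefox)\/(\d+)/.exec(ua);
  return m !== null && m[1] >= String(minMajor);
}

// Fixed: accept any number of digits and convert to numbers before comparing.
function parseBrowser(ua) {
  const m = /\b(Chrome|Firefox)\/(\d+)\.(\d+)/.exec(ua);
  if (!m) return null;
  return { name: m[1], major: Number(m[2]), minor: Number(m[3]) };
}

// Assumption: under the frozen-major scheme, Chrome "99.N" with N >= 100 means version N.
function effectiveMajor(ua) {
  const b = parseBrowser(ua);
  if (!b) return null;
  return b.name === "Chrome" && b.major === 99 && b.minor >= 100 ? b.minor : b.major;
}

// Version gate, e.g. for rejecting outdated browsers.
function isSupported(ua, minMajor) {
  const v = effectiveMajor(ua);
  return v !== null && v >= minMajor; // unrecognized clients are not treated as supported
}

for (const [label, ua] of Object.entries(SAMPLES)) {
  console.log(label, truncatedMajor(ua), stringCompareSupported(ua, 99), effectiveMajor(ua), isSupported(ua, 99));
}
```

A gate built on either buggy function turns away a fully up-to-date browser, which is the breakage both browser teams are testing for.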



However, strategies that add complexity to the user agent string are 'potentially impacting the ecosystem,' so efforts are being made to avoid quirky measures.

in Software, Security, Posted by logu_ii