Closed Bug 1155622 Opened 9 years ago Closed 5 years ago

Notification icon url on untrusted domain crahes in [@ nsAlertsIconListener::OnLoadComplete ]

Categories

(Toolkit Graveyard :: Notifications and Alerts, defect, P3)

Product:
Toolkit Graveyard
Component:
Notifications and Alerts
Version:
37 Branch
Platform:
x86_64
Linux
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 1233086

People

(Reporter: alex_tobies, Unassigned)

Details

(Keywords: crash, testcase)

Crash Data

User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.90 Safari/537.36

Steps to reproduce:

Create a new browser notification via:

new Notification('test', {
icon: 'https://some-untrusted-domain.com/icon.jpg'
});

Note: the icon url must be hosted on a source with an untrested ssl certifcate.
Requesting the icon url directly should show an ssl_error_bad_cert_domain error.

Version: 37.0.1
OS: X11 Linux x86_64


Actual results:

firefox crashes


Expected results:

Notification should pop up with no icon
Could you provide a self-contained testcase, please.

In addition, do you have some crash reports (bp-...) in about:crashes?
Flags: needinfo?(alex_tobies)
Keywords: testcase-wanted
Crash report: https://crash-stats.mozilla.com/report/index/f93d3b94-170e-4df0-a404-ae0d42150422

Should i provide a self-contained test with a local server setup?
(e.g. a vagrant box or a docker container?)

If not, you can reproduce the crash on the site http://www.softgarden.io/ as it has an untrusted ssl certficate.
Steps to reproduce:
1. open http://www.softgarden.io/
2. open Firebug and go to console
3. request Notification permission by typing "Notifcation.requestPermissions();" in the console
4. accept the permissions
5. create a new notification by typing the following in the console:
new Notification('test', {
  icon: 'https://www.softgarden.io/wp-content/plugins/sitepress-multilingual-cms/res/flags/de.png'
});
I guess step 3. is "Notification.requestPermission()". 

Anyway, I tried with FF37 on Win 7 with the native web console, FF doesn't crash when I see the 2nd notification.
So it's probably only an issue with FF on Linux.
Severity: normal → critical
Crash Signature: [@ nsAlertsIconListener::OnLoadComplete ]
Component: Untriaged → Notifications and Alerts
Keywords: testcase-wantedcrash, testcase
Product: Firefox → Toolkit
Summary: Notification icon url on untrusted domain crahes firefox → Notification icon url on untrusted domain crahes in [@ nsAlertsIconListener::OnLoadComplete ]
Do you know if it crashed in previous version of Firefox?
> Do you know if it crashed in previous version of Firefox?
No.

I've tested it on OS X (10.7.5) with FF 36.0.1 and 37.0.2. In both version the notification appears but does not show an icon (expected behaviour)
Closing because no crash reported since 12 weeks.
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → WONTFIX
Reopening because crash bugs **with testcases** should not be resolved **as WONTFIX** based on queries of crash-stats.  Other resolutions may be appropriate for other reasons.

(Crash signatures are not the same as bug identity; they're merely a search aid to find and group similar crashes.  The bug may still be present, but the signature may have changed slightly, or the bug may even still be present with the same signature but there are simply no recent reports of crashes in that function.)
Status: RESOLVED → REOPENED
Ever confirmed: true
Resolution: WONTFIX → ---
Status: REOPENED → NEW
Priority: -- → P3

I can't reproduce the crash anymore with libnotify notifications on Linux (XUL notifications are unaffected), but please reopen if you still can. This was likely fixed by the refactor in bug 1233086.

Status: NEW → RESOLVED
Closed: 6 years ago5 years ago
Flags: needinfo?(alex_tobies)
Resolution: --- → DUPLICATE
Product: Toolkit → Toolkit Graveyard
You need to log in before you can comment on or make changes to this bug.