Closed
Bug 906402
Opened 11 years ago
Closed 11 years ago
security exception when checking signature of favicon (?)
Categories
(Firefox for Android Graveyard :: General, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
Firefox 28
People
(Reporter: bugs.m1, Assigned: capella)
References
Details
Attachments
(3 files)
6.20 KB,
text/plain
|
Details | |
3.69 KB,
patch
|
Details | Diff | Splinter Review | |
1.44 KB,
patch
|
mfinkle
:
review+
|
Details | Diff | Splinter Review |
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:23.0) Gecko/20100101 Firefox/23.0 (Beta/Release) Build ID: 20130803215302 Steps to reproduce: Searched websites with "startpage (SSL)" add-on installed. Clicked on any search result. Actual results: Logcat shows security exceptions with every website loading. Expected results: On the surface everything works as expected. I just worry about the exceptions.
Comment 1•11 years ago
|
||
Do you see these when you disable "Startpage (SSL)" ?
Hi Aaron! I disabled every add-on and the culprit is "adblock plus". How can I provide further information? Should I contact the developer of "adblock plus"? Greetz Martin
Comment 3•11 years ago
|
||
It is suggested to file a bug-report over at https://adblockplus.org/forum/viewforum.php?f=11; if the case be that it's an issue on our end discovered in comment, I would imagine we could re-open this.
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → INVALID
Assignee | ||
Comment 4•11 years ago
|
||
I had filed this previously ... sounds like a dup and we should close that too https://bugzilla.mozilla.org/show_bug.cgi?id=901939
Comment 6•11 years ago
|
||
(In reply to Aaron Train [:aaronmt] from comment #3) > It is suggested to file a bug-report over at > https://adblockplus.org/forum/viewforum.php?f=11; I disagree - this isn't an Adblock Plus bug. Adblock Plus has been signed correctly but that's not really the point. The problem here is rather that Firefox shouldn't attempt to validate the signature when displaying the extension icon. For reference, the corresponding bug in the desktop Firefox version is bug 726125 which has been resolved a while ago. Note that my comment is based on the description from bug 901939 which has been resolved as a duplicate of this one - there isn't much of a description here.
Assignee | ||
Comment 7•11 years ago
|
||
If you're saying that we can assume extension icons are trusted sources, we can bypass the security check done in Java and provide a working patch for consideration this way.
Assignee | ||
Comment 8•11 years ago
|
||
Comment on attachment 820696 [details] [diff] [review] bug906402 (v0) Ping mfinkle for feedback, not sure who to check with otherwise
Attachment #820696 -
Flags: feedback?(mark.finkle)
Assignee | ||
Comment 9•11 years ago
|
||
new version tightens it up a bit
Assignee: nobody → markcapella
Status: REOPENED → ASSIGNED
Attachment #821632 -
Flags: review?(mark.finkle)
Assignee | ||
Updated•11 years ago
|
Attachment #820696 -
Flags: feedback?(mark.finkle)
Comment 10•11 years ago
|
||
Comment on attachment 821632 [details] [diff] [review] bug906402 (v1) >+ // Addons, extensions, etc Let's make the comment a bit more descriptive: // Don't attempt to validate the JAR signature when loading an add-on icon
Attachment #821632 -
Flags: review?(mark.finkle) → review+
Assignee | ||
Comment 11•11 years ago
|
||
TRY is nice and green: https://tbpl.mozilla.org/?tree=Try&rev=83e7ed66547f
Assignee | ||
Comment 12•11 years ago
|
||
And on we go https://hg.mozilla.org/integration/fx-team/rev/06e480dedcb0 Adblock plus icons for everyone
Comment 13•11 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/06e480dedcb0
Status: ASSIGNED → RESOLVED
Closed: 11 years ago → 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 28
Updated•3 years ago
|
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•