Notification icon url on untrusted domain crashes in [@ nsAlertsIconListener::OnLoadComplete ]

Status: UNCONFIRMED
Assignee: Unassigned
Product: Toolkit
Component: Notifications and Alerts
Priority: --
Severity: critical
Opened: 3 years ago
Updated: 2 years ago
Reporter: alex_tobies (NeedInfo)
Version: 37 Branch
Platform: x86_64, Linux
Keywords: crash, testcase
Firefox Tracking Flags: Not tracked
(Reporter)

Description

3 years ago
User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.90 Safari/537.36

Steps to reproduce:

Create a new browser notification via:

new Notification('test', {
  icon: 'https://some-untrusted-domain.com/icon.jpg'
});

Note: the icon URL must be hosted on a source with an untrusted SSL certificate.
Requesting the icon URL directly should show an ssl_error_bad_cert_domain error.

Version: 37.0.1
OS: X11 Linux x86_64


Actual results:

Firefox crashes


Expected results:

Notification should pop up with no icon.

Comment 1

3 years ago
Could you provide a self-contained testcase, please?

In addition, do you have some crash reports (bp-...) in about:crashes?
Flags: needinfo?(alex_tobies)
Keywords: testcase-wanted
(Reporter)

Comment 2

3 years ago
Crash report: https://crash-stats.mozilla.com/report/index/f93d3b94-170e-4df0-a404-ae0d42150422

Should I provide a self-contained test with a local server setup?
(e.g. a Vagrant box or a Docker container?)

If not, you can reproduce the crash on the site http://www.softgarden.io/ as it has an untrusted SSL certificate.
Steps to reproduce:
1. open http://www.softgarden.io/
2. open Firebug and go to console
3. request Notification permission by typing "Notifcation.requestPermissions();" in the console
4. accept the permissions
5. create a new notification by typing the following in the console:
new Notification('test', {
  icon: 'https://www.softgarden.io/wp-content/plugins/sitepress-multilingual-cms/res/flags/de.png'
});

Comment 3

3 years ago
I guess step 3. is "Notification.requestPermission()". 

Anyway, I tried with FF37 on Win 7 with the native web console, FF doesn't crash when I see the 2nd notification.
So it's probably only an issue with FF on Linux.
Severity: normal → critical
Crash Signature: [@ nsAlertsIconListener::OnLoadComplete ]
Component: Untriaged → Notifications and Alerts
Keywords: testcase-wanted → crash, testcase
Product: Firefox → Toolkit
Summary: Notification icon url on untrusted domain crashes firefox → Notification icon url on untrusted domain crashes in [@ nsAlertsIconListener::OnLoadComplete ]

Comment 4

3 years ago
Do you know if it crashed in a previous version of Firefox?
(Reporter)

Comment 5

3 years ago
> Do you know if it crashed in a previous version of Firefox?
No.

I've tested it on OS X (10.7.5) with FF 36.0.1 and 37.0.2. In both versions the notification appears but does not show an icon (expected behaviour).