Closed Bug 1336817 Opened 8 years ago Closed 8 years ago

Flash TV streaming service VOOmotion is broken with security.mixed_content.send_hsts_priming=true

Categories

(Core :: DOM: Security, defect, P1)

Product:
Core
Component:
DOM: Security
Version:
51 Branch
Platform:
x86_64
Windows 7
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla55
Tracking Flags:
Tracking Status
firefox-esr45 --- unaffected
firefox51 + disabled
firefox52 + disabled
firefox-esr52 --- disabled
firefox53 + disabled
firefox54 + disabled
firefox55 + fixed

People

(Reporter: epinal99-bugzilla2, Assigned: kmckinley)

References

Details

(Keywords: regression, Whiteboard: [domsecurity-active] [hsts-priming])

Issue reported here: https://forum.voo.be/voomotion-11/message-derreur-lorsque-desire-regarder-voomotion-sur-mon-ordi-7245 https://forum.voo.be/bienvenue-sur-le-forum-14/voomotion-message-derreur-sur-suite-a-la-mise-a-jour-de-firefox-5101-7291 https://forums.mozfr.org/viewtopic.php?f=5&t=132401 Customers of ISP VOO.be reported the TV streaming service VOOmotion using Flash is broken after the update to Firefox 51. The issue appears only with FF 32 bits, it works with FF 64 bits. Error: Error code #: 102100 Description: Loading of the specified resource has failed. Runtime Error Code: #43 Runtime Error Message: HTTP_TIME_OUT Resource URL: http://95.182.209.80/voolinear01-drm/ClubRTL/ClubRTL.m3u8?I=887451d7-91f1-4b62-94c1-b1415fad29dc&K=93&E=20170127182505&A=95.182.138.57&H=B4576E014F95A0C35EB1AB5D8E3F547A VOO.be is goint to help with guest account to test and debug.
Keywords: regression
Loic, you're on point for getting the guest account information? If you need QA assistance for regression ranges please work with :stefang. Requesting tracking as a regression to get this on relman radar.
status-firefox51: --- → affected
status-firefox52: --- → affected
status-firefox53: --- → affected
status-firefox54: --- → affected
tracking-firefox51: --- → ?
tracking-firefox52: --- → ?
tracking-firefox53: --- → ?
tracking-firefox54: --- → ?
Flags: needinfo?(epinal99-bugzilla2)
Hello, I'm the engineer working at VOO.be that contacted Abraxas on Geckozone forum. I can help you for test accounts and debug. Please PM me to align. Kind regards, Raph
(In reply to Raphael R from comment #2) > Hello, > > I'm the engineer working at VOO.be that contacted Abraxas on Geckozone forum. > I can help you for test accounts and debug. > > Please PM me to align. > > Kind regards, > Raph Could you send me by email (click on my BMO profile to get my email) the guest account with no georestriction, please. I'll find a regression range.
Flags: needinfo?(raphael.randaxhe)
After some debug with Raphael from VOO.be, it appears the issue is due to the pref security.mixed_content.send_hsts_priming set to true. If the user switches it to false, the player works fine. By default, it should be false in Release (and Beta) after bug 1335224 pushed by add-on system, but that's not always the case if the user has disabled updates (see https://bugzilla.mozilla.org/show_bug.cgi?id=1335224#c14).
Component: Plug-ins → DOM: Security
Flags: needinfo?(raphael.randaxhe)
Flags: needinfo?(epinal99-bugzilla2)
Summary: Flash TV streaming service VOOmotion is broken with Firefox 51 32 bits → Flash TV streaming service VOOmotion is broken with security.mixed_content.send_hsts_priming=true
Blocks: 1313595
Depends on: 1335224
(In reply to Loic from comment #5) > By default, it should be false in Release (and Beta) after bug 1335224 > pushed by add-on system, but that's not always the case if the user has > disabled updates (see > https://bugzilla.mozilla.org/show_bug.cgi?id=1335224#c14). If the user has updates disabled, would they get any fix we'd make here? Given the fact that this _should_ be false for release and beta users, I'm going to mark this fix-optional for 51 and 52.
status-firefox51: affectedfix-optional
status-firefox52: affectedfix-optional
Kate, can you have a look if that is really a regression? If so, we should try to get it fixed. Otherwise feel free to lower the priority on this one.
Assignee: nobody → kmckinley
Flags: needinfo?(kmckinley)
Priority: -- → P1
Whiteboard: [domsecurity-active]
This was handled by bug 1335224, and should be permanent in the next point release. Leaving open to validate after the point release.
Flags: needinfo?(kmckinley)
Are we going to disable HSTS priming for 54 as well?
Flags: needinfo?(ckerschb)
(In reply to Nathan Froyd [:froydnj] from comment #9) > Are we going to disable HSTS priming for 54 as well? Redirecting to Kate!
Flags: needinfo?(ckerschb) → needinfo?(kmckinley)
Priming is still disabled in Beta and Release. Loic, did you get a test account? If so, can you please verify whether this issue exists on Nightly.
Flags: needinfo?(kmckinley) → needinfo?(epinal99-bugzilla2)
I'll try to test again, but I'm not sure the test account is still available.
It works fine in Nightly with security.mixed_content.send_hsts_priming=true.
Flags: needinfo?(epinal99-bugzilla2)
Marking disabled for 54, then.
status-firefox54: affecteddisabled
Whiteboard: [domsecurity-active] → [domsecurity-active] [hsts-priming]
Marking as fixed since it works in Nightly and no further reports.
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
status-firefox55: affectedfixed
Target Milestone: --- → mozilla55
You need to log in before you can comment on or make changes to this bug.