Closed Bug 1445758 (CVE-2025-9186) Opened 7 years ago Closed 2 months ago

Focus Custom Tabs do not show the top level domain +1 in the address bar

Categories

(Focus :: General, enhancement, P3)

All
Android
enhancement

Tracking

(firefox142+ fixed)

RESOLVED FIXED
142 Branch
Tracking Status
firefox142 + fixed

People

(Reporter: kbrosnan, Assigned: michel)

References

Details

(Keywords: csectype-spoof, sec-low, Whiteboard: [adv-main142+])

Attachments

(1 file)

When displaying long URLs in the address bar after the page is loaded the top level domain +1 should be shown. This should work when the user enters one of these domains into the address bar and when Focus is used as a custom tab. See bug 1432624 and bug 1236431 for some prior art in Firefox for Android https://long-extended-subdomain-name-containing-many-letters-and-dashes.badssl.com/ https://longextendedsubdomainnamewithoutdashesinordertotestwordwrapping.badssl.com/
We might as well unhide this and attempt to forestall dupes
Group: firefox-core-security
Assignee: nobody → ekager

sec-low -> P3

Assignee: ekager → nobody
Priority: -- → P3
Component: Security: Android → General

Changing Severity normal to S3.

Severity: normal → S3

Enhancements should have severity N/A.

Severity: S3 → N/A
Assignee: nobody → michel
See Also: → CVE-2025-8043
Summary: Focus does not show the top level domain +1 in the address bar → Focus Custom Tabs do not show the top level domain +1 in the address bar

The fix for this bug is actually trivial. We only need to set ToolbarFeature.RenderStyle.RegistrableDomain for Custom Tabs instead of ToolbarFeature.RenderStyle.ColoredUrl like in https://hg-edge.mozilla.org/mozilla-central/rev/64d8dfa544cb when custom tabs are used.

I'm just not sure whether I should pass isCustomTabSession or renderStyle to BrowserToolbarIntegration or if this could be just inferred from customTabId being null.

Flags: needinfo?(mcarare)

For the moment you can infer it from the customTabId value since that is the pattern used in that class.

Flags: needinfo?(mcarare)

Could you please review the attached revision?

Flags: needinfo?(mcarare)
Flags: needinfo?(mcarare)

Could you please look again at the attached revision?

Flags: needinfo?(mcarare)
Flags: needinfo?(mcarare)
Pushed by mcarare@mozilla.com: https://github.com/mozilla-firefox/firefox/commit/9777b4b03bbd https://hg.mozilla.org/integration/autoland/rev/68f83bff6a2c Show the registrable domain in Focus Custom Tabs toolbar. r=mcarare,android-reviewers
Pushed by smolnar@mozilla.com: https://github.com/mozilla-firefox/firefox/commit/94989ad268aa https://hg.mozilla.org/integration/autoland/rev/26c9c225e74d Revert "Bug 1445758 - Show the registrable domain in Focus Custom Tabs toolbar. r=mcarare,android-reviewers" for causing perma fenix debug failures @ BrowserToolbarIntegrationTest

Sorry for that. I added a default renderStyle and run the tests locally.

Flags: needinfo?(michel)
Pushed by jonalmeida942@gmail.com: https://github.com/mozilla-firefox/firefox/commit/466ba1301b9d https://hg.mozilla.org/integration/autoland/rev/b2d4d01e0a97 Show the registrable domain in Focus Custom Tabs toolbar. r=mcarare,android-reviewers
Status: NEW → RESOLVED
Closed: 2 months ago
Resolution: --- → FIXED
Target Milestone: --- → 142 Branch
Whiteboard: [adv-main142+]
Alias: CVE-2025-9186
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: