Closed
Bug 1477070
Opened 5 years ago
Closed 4 years ago
checkIdentity in GeckoViewProgress may need additional state check
Categories
(GeckoView :: General, defect, P1)
Tracking
(geckoview62 wontfix, geckoview64 fixed, firefox63 wontfix, firefox64 fixed, firefox65 fixed)
RESOLVED
FIXED
mozilla65
People
(Reporter: dipen, Assigned: droeh)
Details
Attachments
(1 file)
1.25 KB,
patch
|
snorp
:
review+
RyanVM
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Firefox/60.0 Build ID: 20180605171542 Steps to reproduce: This potential code issue was identified in a code review of https://bugzilla.mozilla.org/show_bug.cgi?id=1475647 The function currently checks against STATE_IS_BROKEN and returns insecure result. It may also need to check against STATE_IS_INSECURE. Otherwise a null exception may occur below trying to access attributes of secInfo.
Comment 1•5 years ago
|
||
I'm assigning a component, based on the bug mentioned in the description.
Component: Untriaged → Security: PSM
Product: Firefox → Core
Component: Security: PSM → GeckoView
Product: Core → Firefox for Android
Updated•4 years ago
|
Assignee: nobody → droeh
status-firefox63:
--- → wontfix
status-firefox64:
--- → affected
status-geckoview62:
--- → wontfix
Priority: -- → P1
Assignee | ||
Comment 2•4 years ago
|
||
Attachment #9020832 -
Flags: review?(snorp)
Attachment #9020832 -
Flags: review?(snorp) → review+
Pushed by droeh@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/db4262ced509 Add STATE_IS_INSECURE check to checkIdentity in GeckoViewProgress.jsm r=snorp
Comment 4•4 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/db4262ced509
Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
status-firefox65:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → Firefox 65
Comment 5•4 years ago
|
||
Is this something we should consider backporting to 64 or can it ride the trains?
Flags: needinfo?(droeh)
Assignee | ||
Comment 6•4 years ago
|
||
Comment on attachment 9020832 [details] [diff] [review] Add STATE_IS_INSECURE check [Beta/Release Uplift Approval Request] Feature/Bug causing the regression: None User impact if declined: GeckoView apps will potentially mis-report a site's security status in some circumstances. Is this code covered by automated tests?: No Has the fix been verified in Nightly?: No Needs manual test from QE?: No If yes, steps to reproduce: List of other uplifts needed: None Risk to taking this patch: Low Why is the change risky/not risky? (and alternatives if risky): It's very low risk as it simply adds an additional check on the state of the web progress listener that should have been there in the first place. String changes made/needed: None.
Flags: needinfo?(droeh)
Attachment #9020832 -
Flags: approval-mozilla-beta?
Comment 7•4 years ago
|
||
Comment on attachment 9020832 [details] [diff] [review] Add STATE_IS_INSECURE check [Triage Comment] Avoids GeckoView apps potentially mis-reporting a site's security status. Approved for 64.0b7.
Attachment #9020832 -
Flags: approval-mozilla-beta? → approval-mozilla-beta+
Comment 8•4 years ago
|
||
bugherderuplift |
https://hg.mozilla.org/releases/mozilla-beta/rev/1597b2e3a491
Flags: in-testsuite-
Updated•4 years ago
|
Product: Firefox for Android → GeckoView
Updated•4 years ago
|
Version: 60 Branch → Firefox 60
Updated•4 years ago
|
Version: Firefox 60 → 60 Branch
Updated•4 years ago
|
Target Milestone: Firefox 65 → mozilla65
You need to log in
before you can comment on or make changes to this bug.
Description
•