Closed
Bug 1477070
Opened 6 years ago
Closed 6 years ago
checkIdentity in GeckoViewProgress may need additional state check
Categories
(GeckoView :: General, defect, P1)
Tracking
(geckoview62 wontfix, geckoview64 fixed, firefox63 wontfix, firefox64 fixed, firefox65 fixed)
RESOLVED
FIXED
mozilla65
People
(Reporter: dipen, Assigned: droeh)
Details
Attachments
(1 file)
1.25 KB,
patch
|
snorp
:
review+
RyanVM
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Firefox/60.0
Build ID: 20180605171542
Steps to reproduce:
This potential code issue was identified in a code review of https://bugzilla.mozilla.org/show_bug.cgi?id=1475647
The function currently checks against STATE_IS_BROKEN and returns insecure result. It may also need to check against STATE_IS_INSECURE. Otherwise a null exception may occur below trying to access attributes of secInfo.
Comment 1•6 years ago
|
||
I'm assigning a component, based on the bug mentioned in the description.
Component: Untriaged → Security: PSM
Product: Firefox → Core
Updated•6 years ago
|
Component: Security: PSM → GeckoView
Product: Core → Firefox for Android
Updated•6 years ago
|
Assignee: nobody → droeh
status-firefox63:
--- → wontfix
status-firefox64:
--- → affected
status-geckoview62:
--- → wontfix
Priority: -- → P1
Assignee | ||
Comment 2•6 years ago
|
||
Attachment #9020832 -
Flags: review?(snorp)
Attachment #9020832 -
Flags: review?(snorp) → review+
Pushed by droeh@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/db4262ced509
Add STATE_IS_INSECURE check to checkIdentity in GeckoViewProgress.jsm r=snorp
Comment 4•6 years ago
|
||
bugherder |
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
status-firefox65:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → Firefox 65
Comment 5•6 years ago
|
||
Is this something we should consider backporting to 64 or can it ride the trains?
Flags: needinfo?(droeh)
Assignee | ||
Comment 6•6 years ago
|
||
Comment on attachment 9020832 [details] [diff] [review]
Add STATE_IS_INSECURE check
[Beta/Release Uplift Approval Request]
Feature/Bug causing the regression: None
User impact if declined: GeckoView apps will potentially mis-report a site's security status in some circumstances.
Is this code covered by automated tests?: No
Has the fix been verified in Nightly?: No
Needs manual test from QE?: No
If yes, steps to reproduce:
List of other uplifts needed: None
Risk to taking this patch: Low
Why is the change risky/not risky? (and alternatives if risky): It's very low risk as it simply adds an additional check on the state of the web progress listener that should have been there in the first place.
String changes made/needed: None.
Flags: needinfo?(droeh)
Attachment #9020832 -
Flags: approval-mozilla-beta?
Comment 7•6 years ago
|
||
Comment on attachment 9020832 [details] [diff] [review]
Add STATE_IS_INSECURE check
[Triage Comment]
Avoids GeckoView apps potentially mis-reporting a site's security status. Approved for 64.0b7.
Attachment #9020832 -
Flags: approval-mozilla-beta? → approval-mozilla-beta+
Comment 8•6 years ago
|
||
bugherder uplift |
Flags: in-testsuite-
Updated•6 years ago
|
Product: Firefox for Android → GeckoView
Updated•6 years ago
|
Version: 60 Branch → Firefox 60
Updated•6 years ago
|
Version: Firefox 60 → 60 Branch
Updated•6 years ago
|
Target Milestone: Firefox 65 → mozilla65
You need to log in
before you can comment on or make changes to this bug.
Description
•