Closed Bug 1480806 Opened Last year Closed Last year

Remove javascript intent filter if unused

Categories

(Firefox for Android :: General, enhancement)

All
Android
enhancement
Not set

Tracking

()

RESOLVED FIXED
Firefox 63
Tracking Status
firefox63 --- fixed

People

(Reporter: petru, Assigned: petru)

References

Details

Attachments

(1 file)

We are registering an Intent filter for URLs using the javascript:// scheme [1]. There are concerns that this could be or become exploitable. If not needed we should remove this filter (Although note that Chrome registers for javascript:// URLS too [2]).

[1] https://dxr.mozilla.org/mozilla-central/rev/a2d65d03e46a9a42b5bee5c2a7864d3f987a8ca7/mobile/android/base/AndroidManifest.xml.in#93
[2] https://cs.chromium.org/chromium/src/chrome/android/java/AndroidManifest.xml?rcl=0c86b6bef6a1eafe81390c58bc4c0ae07e4865a3&l=232
Assignee: nobody → petru.lingurar
Blocks: 1357377
Status: NEW → ASSIGNED
Comment on attachment 8999158 [details]
Bug 1480806 - Remove javascript intent filter if unused

Jim Chen [:jchen] [:darchons] has approved the revision.
Attachment #8999158 - Flags: review+
Pushed by apavel@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/edf053871a39
Remove javascript intent filter if unused r=jchen
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/edf053871a39
Status: ASSIGNED → RESOLVED
Closed: Last year
Resolution: --- → FIXED
Target Milestone: --- → Firefox 63
You need to log in before you can comment on or make changes to this bug.