Closed Bug 1480806 Opened 5 years ago Closed 5 years ago

Remove javascript intent filter if unused

Categories

(Firefox for Android Graveyard :: General, enhancement)

Product:
Firefox for Android Graveyard
Component:
General
Platform:
All
Android
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(firefox63 fixed)

Status:
RESOLVED FIXED
Milestone:
Firefox 63
Tracking Flags:
Tracking Status
firefox63 --- fixed

People

(Reporter: petru, Assigned: petru)

Details

Attachments

(1 file)

Bug 1480806 - Remove javascript intent filter if unused
46 bytes, text/x-phabricator-request
jchen
: review+
Details | Review 
We are registering an Intent filter for URLs using the javascript:// scheme [1]. There are concerns that this could be or become exploitable. If not needed we should remove this filter (Although note that Chrome registers for javascript:// URLS too [2]).

[1] https://dxr.mozilla.org/mozilla-central/rev/a2d65d03e46a9a42b5bee5c2a7864d3f987a8ca7/mobile/android/base/AndroidManifest.xml.in#93
[2] https://cs.chromium.org/chromium/src/chrome/android/java/AndroidManifest.xml?rcl=0c86b6bef6a1eafe81390c58bc4c0ae07e4865a3&l=232
Assignee: nobody → petru.lingurar
Status: NEW → ASSIGNED
Comment on attachment 8999158 [details]
Bug 1480806 - Remove javascript intent filter if unused

Jim Chen [:jchen] [:darchons] has approved the revision.
Attachment #8999158 - Flags: review+
Keywords: checkin-needed
Pushed by apavel@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/edf053871a39
Remove javascript intent filter if unused r=jchen
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/edf053871a39
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
status-firefox63: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → Firefox 63
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in before you can comment on or make changes to this bug.