Closed Bug 1490982 Opened 6 years ago Closed 6 years ago

The green padlock disappears (or "Not Secure" is shown) after opening and closing a notification about a reported profile on Twitter

Categories

(Core :: Security: PSM, defect, P1)

Product:
Core
Component:
Security: PSM
Platform:
x86_64
Linux
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla64
Tracking Flags:
Tracking Status
geckoview62 --- unaffected
firefox-esr60 --- unaffected
firefox62 --- unaffected
firefox63 --- unaffected
firefox64 --- fixed

People

(Reporter: jan, Assigned: keeler)

References

(Regression,
URL
)

Details

(Keywords: nightly-community, regression, Whiteboard: [psm-assigned])

Attachments

(3 files)

Screenshot_20180913_150201.png
6.89 KB, image/png
Details
2018-09-13_18-57-52.mp4
1.39 MB, video/mp4
Details
bug 1490982 - filter out OnLocationChange events that aren't top-level in nsSecureBrowserUIImpl r?Gijs
46 bytes, text/x-phabricator-request
Gijs
: review+
Details | Review 
From my perception it is a regression from the last week. I have custom security prefs. I try to find STR. Maybe someone of you has seen the same.
Flags: needinfo?(jan)
I'm not sure what this bug is supposed to tell me :)

    
    

    
  

      
      
      
      

        Attached video
          
        2018-09-13_18-57-52.mp4
      

    


  
Flags: needinfo?(jan)

    
    

    
  
1. Set security.insecure_connection_icon.enabled;true and security.insecure_connection_text.enabled;true
2. Open https://twitter.com/i/notifications and log in.
3. Click on a notification about a reported profile and close it.

Without those two prefs the green lock just disappears, so Fx 64 is affected.

mozregression --good 2018-07-01 --bad 2018-09-13 --pref security.insecure_connection_icon.enabled:true security.insecure_connection_text.enabled:true -a https://twitter.com/i/notifications
> 16:10.26 INFO: Last good revision: 7056aff16fb8124f1d6043538b9947017c4623e4
> 16:10.26 INFO: First bad revision: 2f4adf14e6231a1668558dd78ecbe56a421591b6
> 16:10.26 INFO: Pushlog:
> https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=7056aff16fb8124f1d6043538b9947017c4623e4&tochange=2f4adf14e6231a1668558dd78ecbe56a421591b6

> 2f4adf14e623	Dana Keeler — bug 832834 - reimplement nsSecureBrowserUIImpl r=franziskus,Felipe
Blocks: 832834

          status-firefox62:
          --- → unaffected

          status-firefox63:
          --- → unaffected

          status-firefox64:
          ?affected

          status-firefox-esr60:
          --- → unaffected

          status-geckoview62:
          --- → unaffected
Flags: needinfo?(dkeeler)
Keywords: nightly-community
Summary: "Not Secure" on Twitter after browsing a while on it → The green padlock disappears (or "Not Secure" is shown) after opening and closing a notification about a reported profile on Twitter

    
    

    
  
Is "security.ssl.treat_unsafe_negotiation_as_broken" set to true in your profile?
If you can still reproduce this, running with the environment variable "nsSecureBrowserUI" set to "5" might provide some useful output. Alternatively, have you found another way to reproduce this? I don't happen to have a notification about a reported profile in my twitter account.
Flags: needinfo?(dkeeler) → needinfo?(jan)

    
    

    
  
(In reply to Dana Keeler [:keeler] (she/her) (use needinfo) from comment #5)
> running with the environment variable
> "nsSecureBrowserUI" set to "5"

Er, rather - that should be the environment variable "MOZ_LOG" set to "nsSecureBrowserUI:5".

    
    

    
  
> mozregression --launch 2018-09-13
security.ssl.treat_unsafe_negotiation_as_broken is false (default).

Just report someone (e.g. https://twitter.com/neildeb0 as fake of https://twitter.com/elonmusk) and wait until you get "We received your report over the past hour" after some time. :D

MOZ_LOG=nsSecureBrowserUI:5 mozregression -B debug --launch 2018-09-11 -a https://twitter.com/i/notifications
> 0:58.25 INFO: Assertion failure: aValue.isObject(), at /builds/worker/workspace/build/src/dom/bindings/BindingUtils.cpp:3440
Newer debug builds seem to be unusable. :(


MOZ_LOG=nsSecureBrowserUI:5 mozregression -B debug --launch 2018-09-06 -a https://twitter.com/i/notifications

page is loaded:
> 1:28.87 INFO: [Child 14403: Main Thread]: D/nsSecureBrowserUI GetState 0x7fac1553add0
> 1:28.87 INFO: [Child 14403: Main Thread]: D/nsSecureBrowserUI   mState: 82002
> 1:29.10 INFO: [Child 14403, Main Thread] WARNING: '!window', file /builds/worker/workspace/build/src/dom/cache/CacheStorage.cpp, line 596
> 1:29.26 INFO: [Child 14403: Main Thread]: D/nsSecureBrowserUI GetState 0x7fac1553add0
> 1:29.26 INFO: [Child 14403: Main Thread]: D/nsSecureBrowserUI   mState: 82002

closed the notification:
> 1:46.69 INFO: [Child 14403: Main Thread]: D/nsSecureBrowserUI   we have a channel 0x7fac013f1878
> 1:46.69 INFO: [Child 14403: Main Thread]: D/nsSecureBrowserUI   we have a security info 0x7fac0092a010
> 1:46.69 INFO: [Child 14403: Main Thread]: D/nsSecureBrowserUI   set mTopLevelSecurityInfo
> 1:46.69 INFO: [Child 14403: Main Thread]: D/nsSecureBrowserUI   have sslStatus 0x7fac0d2f0d60
> 1:46.69 INFO: [Child 14403: Main Thread]: D/nsSecureBrowserUI   calling OnSecurityChange 0x7fac013f1878 80002
> 1:47.33 INFO: [Child 14403, Main Thread] WARNING: '!window', file /builds/worker/workspace/build/src/dom/cache/CacheStorage.cpp, line 596
> 1:49.87 INFO: ++DOMWINDOW == 24 (0x7fac0c468800) [pid = 14403] [serial = 61] [outer = 0x7fac008b1c00]
> 1:49.87 INFO: [Child 14403: Main Thread]: D/nsSecureBrowserUI 0x7fac1553add0 OnLocationChange: 0x7fac0adb2028 0x7fac0094c358 about:blank 0
> 1:49.87 INFO: [Child 14403: Main Thread]: D/nsSecureBrowserUI   we have a channel 0x7fac0094c358
> 1:49.87 INFO: [Child 14403: Main Thread]: D/nsSecureBrowserUI   calling OnSecurityChange 0x7fac0094c358 4
Flags: needinfo?(jan)

    
    

    
  
Ok - thanks. I can reproduce this now.

    
    

    
  
I think there's another STR, but I wasn't able to narrow it down yet.

    
    

    
  
Looks like loading an iframe and then navigating it to about:blank is sufficient to reproduce.
Assignee: nobody → dkeeler
Component: Site Identity and Permission Panels → Security: PSM
Priority: -- → P1
Product: Firefox → Core
Whiteboard: [psm-assigned]

        Attachment #9009296 -
        Attachment description: bug 1490982 - filter out OnLocationChange events that aren't for our window in nsSecureBrowserUIImpl r?felipe → bug 1490982 - filter out OnLocationChange events that aren't top-level in nsSecureBrowserUIImpl r?Gijs

    
    

    
  
Comment on attachment 9009296 [details]
bug 1490982 - filter out OnLocationChange events that aren't top-level in nsSecureBrowserUIImpl r?Gijs

:Gijs (he/him) has approved the revision.

        Attachment #9009296 -
        Flags: review+

    
    

    
  
Thanks for the reviews! (Also thank you Jan for working with me to figure this out!)
https://treeherder.mozilla.org/#/jobs?repo=try&revision=8b494f9d1e2c40c954c3e349934a4be354cf3d09

    
    

    
  
Pushed by dkeeler@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/eeac0b5dbb25
filter out OnLocationChange events that aren't top-level in nsSecureBrowserUIImpl r=Gijs

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/eeac0b5dbb25
Status: NEW → RESOLVED
Closed: 6 years ago

          status-firefox64:
          affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla64
No longer blocks: 832834
Regressed by: 832834
Has Regression Range: --- → yes

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: