Closed Bug 1518161 Opened 7 years ago Closed 6 years ago

[fenix beta] Security Testing address bar spoofing bugs for android components/fenix beta

Categories

(Firefox Graveyard :: Security: Review Requests, task, P3)

Product:
Firefox Graveyard
Component:
Security: Review Requests
Type:
task

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: freddy, Assigned: freddy)

References

Details

(Keywords: sec-audit, Whiteboard: audit [waiting for fenix beta in May])

Address bar spoofing has stood out as a common source of problems in our mobile borwsers. With the android components work and the reference browser <https://github.com/mozilla-mobile/reference-browser>, we should ensure that the components are resilient against spoofing, which would hopefully harden our products all across android.
Type: enhancement → task
Keywords: sec-audit
Whiteboard: audit
Whiteboard: audit → audit [waiting for fenix beta in May]

Maybe we should try the new tool google released for our mobile apps, and perhaps also upcoming android components. I haven't looked at it yet, but this is a reminder to do so.

https://github.com/chromium/trickuri

Useful to look test cases from previous bugs https://mzl.la/2VdWhV3

We have identified that there is much more "glue code" in Fenix than what we had originally anticipated. For example, we had previously
though that the awesoembar-component includes all security indicators (TLS, permissions, tracking protection, showing the current websites's URL).

Hence, we will much rather conduct a test of the components and how
they are used in Fenix specifically.

Summary: Security Testing address bar spoofing bugs for android components → [fenix beta] Security Testing address bar spoofing bugs for android components/fenix beta
Depends on: 1554975
Depends on: 1554977
Depends on: 1554984
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Product: Firefox → Firefox Graveyard
You need to log in before you can comment on or make changes to this bug.