Closed Bug 1647846 Opened 4 years ago Closed 4 years ago

SafeBrowsing errors (about:blocked) shouldn't get marked as local files

Categories

(Firefox :: Site Identity, defect, P1)

defect

Tracking

()

RESOLVED FIXED
Firefox 80
Tracking Status
firefox-esr68 --- unaffected
firefox-esr78 --- unaffected
firefox77 --- unaffected
firefox78 --- unaffected
firefox79 + fixed
firefox80 + fixed

People

(Reporter: johannh, Assigned: ewright)

References

(Regression)

Details

(Keywords: regression)

Attachments

(1 file)

Bug 1570678 made it so that we mark unknown about: sites as local to the computer, which I think is fine in general (pending some improvements in bug 1567443). However, about:blocked is one of the cases like about:neterror where the original URI of the site is preserved, thus we show misleading information when we declare that evil.com is stored on your computer.

We should probably just add the same kind of explicit carve-out that we already have for neterror and certerror:

https://searchfox.org/mozilla-central/rev/46e3b1ce2cc120a188f6940b5c6eab6b24530e4f/browser/base/content/browser-siteIdentity.js#724

Set release status flags based on info from the regressing bug 1570678

(In reply to Johann Hofmann [:johannh] from comment #0)

However, about:blocked is one of the cases like about:neterror where the original URI of the site is preserved, thus
we show misleading information when we declare that evil.com is stored on your computer.

Agreed that this sounds less than great. Tracking for 79.

:johanbh Triaging as REO for 79, can you set a priority and severity for this bug?

Flags: needinfo?(jhofmann)
Flags: needinfo?(jhofmann) → needinfo?(nhnt11)

We should find an owner for this. I'll talk to Ethan... I might just pick this up myself.

Severity: -- → S2
Flags: needinfo?(nhnt11)
Priority: -- → P1
Assignee: nobody → ewright
Status: NEW → ASSIGNED
Pushed by ewright@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/02590da07fc9 Blocked pages show as insecure. r=nhnt11
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 80

The patch landed in nightly and beta is affected.
:ewright, is this bug important enough to require an uplift?
If not please set status_beta to wontfix.

For more information, please visit auto_nag documentation.

Flags: needinfo?(ewright)

Comment on attachment 9161288 [details]
Bug 1647846 - Blocked pages show as insecure.

Beta/Release Uplift Approval Request

  • User impact if declined: It will appear to the user that blocked pages are saved locally to the user's computer - this is not true. This patch changes the icon and informational text on a blocked page to more correctly reflect the status of the page.
  • Is this code covered by automated tests?: Yes
  • Has the fix been verified in Nightly?: No
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): small JS change done in the same manner as similar pages, covered by a test.
  • String changes made/needed: none
Flags: needinfo?(ewright)
Attachment #9161288 - Flags: approval-mozilla-beta?

Comment on attachment 9161288 [details]
Bug 1647846 - Blocked pages show as insecure.

Approved for 79.0b5.

Attachment #9161288 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Has Regression Range: --- → yes
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: