SafeBrowsing errors (about:blocked) shouldn't get marked as local files
Categories
(Firefox :: Site Identity, defect, P1)
Tracking
()
Tracking | Status | |
---|---|---|
firefox-esr68 | --- | unaffected |
firefox-esr78 | --- | unaffected |
firefox77 | --- | unaffected |
firefox78 | --- | unaffected |
firefox79 | + | fixed |
firefox80 | + | fixed |
People
(Reporter: johannh, Assigned: ewright)
References
(Regression)
Details
(Keywords: regression)
Attachments
(1 file)
47 bytes,
text/x-phabricator-request
|
RyanVM
:
approval-mozilla-beta+
|
Details | Review |
Bug 1570678 made it so that we mark unknown about: sites as local to the computer, which I think is fine in general (pending some improvements in bug 1567443). However, about:blocked is one of the cases like about:neterror where the original URI of the site is preserved, thus we show misleading information when we declare that evil.com is stored on your computer.
We should probably just add the same kind of explicit carve-out that we already have for neterror and certerror:
Comment 1•4 years ago
|
||
Set release status flags based on info from the regressing bug 1570678
Comment 2•4 years ago
|
||
(In reply to Johann Hofmann [:johannh] from comment #0)
However, about:blocked is one of the cases like about:neterror where the original URI of the site is preserved, thus
we show misleading information when we declare that evil.com is stored on your computer.
Agreed that this sounds less than great. Tracking for 79.
Comment 3•4 years ago
|
||
:johanbh Triaging as REO for 79, can you set a priority and severity for this bug?
Updated•4 years ago
|
Comment 4•4 years ago
|
||
We should find an owner for this. I'll talk to Ethan... I might just pick this up myself.
Assignee | ||
Updated•4 years ago
|
Assignee | ||
Comment 5•4 years ago
|
||
Comment 7•4 years ago
|
||
bugherder |
Comment 8•4 years ago
|
||
The patch landed in nightly and beta is affected.
:ewright, is this bug important enough to require an uplift?
If not please set status_beta
to wontfix
.
For more information, please visit auto_nag documentation.
Assignee | ||
Comment 9•4 years ago
|
||
Comment on attachment 9161288 [details]
Bug 1647846 - Blocked pages show as insecure.
Beta/Release Uplift Approval Request
- User impact if declined: It will appear to the user that blocked pages are saved locally to the user's computer - this is not true. This patch changes the icon and informational text on a blocked page to more correctly reflect the status of the page.
- Is this code covered by automated tests?: Yes
- Has the fix been verified in Nightly?: No
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): small JS change done in the same manner as similar pages, covered by a test.
- String changes made/needed: none
Comment 10•4 years ago
|
||
Comment on attachment 9161288 [details]
Bug 1647846 - Blocked pages show as insecure.
Approved for 79.0b5.
Comment 11•4 years ago
|
||
bugherder uplift |
Updated•4 years ago
|
Description
•