Closed Bug 1651636 (CVE-2020-15665) Opened 5 years ago Closed 5 years ago

Clicking "stay on page" (ie cancelling) in beforeunload dialogs should cause us to reset the URL bar

Categories

(Firefox :: Tabbed Browser, defect)

Product:
Firefox
Component:
Tabbed Browser
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Firefox 80
Tracking Flags:
Tracking Status
firefox80 --- fixed

People

(Reporter: Gijs, Assigned: Gijs)

References

(Blocks 1 open bug)

Details

(Keywords: csectype-spoof, sec-moderate, Whiteboard: [adv-main80+])

Attachments

(2 files)

Bug 1651636 - reset the address bar when beforeunload prompts close, r?mak!
47 bytes, text/x-phabricator-request
Details | Review
advisory.txt
344 bytes, text/plain
Details

The fact that we don't do this is part of a chain of not-quite-right-things used by https://twitter.com/lbherrera_/status/1280617786088329220 and bug 1333599. AIUI fixing this will break the spoof. There's an old patch to address this in bug 1333599, I think.

Blocks: 1481994

... and a different old patch in bug 1481994

Group: firefox-core-security
Assignee: nobody → gijskruitbosch+bugs
Status: NEW → ASSIGNED
Pushed by gijskruitbosch@gmail.com: https://hg.mozilla.org/integration/autoland/rev/88fef29ec070 reset the address bar when beforeunload prompts close, r=mak

Backed out changeset 88fef29ec070 (bug 1651636) for browser_clearSiteData.js failures

Push with failures: https://treeherder.mozilla.org/#/jobs?repo=autoland&group_state=expanded&selectedTaskRun=YKNizO0HSIGID84rCp9ZDQ.0&searchStr=mochitest-browser-chrome&fromchange=9b5c17afe643590abedc963cb8f8bcd794734dcd&tochange=e1eb9b5914f30e4327ad0f46f03c2808c0ccf2ad

Backout link: https://hg.mozilla.org/integration/autoland/rev/e1eb9b5914f30e4327ad0f46f03c2808c0ccf2ad

Failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=309883299&repo=autoland&lineNumber=12058

...
[task 2020-07-15T18:56:06.164Z] 18:56:06     INFO - Entering test bound 
[task 2020-07-15T18:56:06.164Z] 18:56:06     INFO - Buffered messages logged at 18:56:02
[task 2020-07-15T18:56:06.164Z] 18:56:06     INFO - TEST-PASS | browser/components/preferences/tests/siteData/browser_clearSiteData.js | Found the service worker registered for https://example.org/browser/browser/components/preferences/tests/siteData//service_worker_test.html - 
[task 2020-07-15T18:56:06.165Z] 18:56:06     INFO - Buffered messages logged at 18:56:04
[task 2020-07-15T18:56:06.165Z] 18:56:06     INFO - TEST-PASS | browser/components/preferences/tests/siteData/browser_clearSiteData.js | The cache usage should not be 0 - 33792 > 0 - 
[task 2020-07-15T18:56:06.165Z] 18:56:06     INFO - TEST-PASS | browser/components/preferences/tests/siteData/browser_clearSiteData.js | The quota usage should not be 0 - 49152 > 0 - 
[task 2020-07-15T18:56:06.165Z] 18:56:06     INFO - TEST-PASS | browser/components/preferences/tests/siteData/browser_clearSiteData.js | The total usage should not be 0 - 168693 > 0 - 
[task 2020-07-15T18:56:06.166Z] 18:56:06     INFO - TEST-PASS | browser/components/preferences/tests/siteData/browser_clearSiteData.js | Check the proper URL is loaded - 
[task 2020-07-15T18:56:06.166Z] 18:56:06     INFO - TEST-PASS | browser/components/preferences/tests/siteData/browser_clearSiteData.js | Element should not be null, when checking visibility - 
[task 2020-07-15T18:56:06.166Z] 18:56:06     INFO - TEST-PASS | browser/components/preferences/tests/siteData/browser_clearSiteData.js | Overlay is visible - 
[task 2020-07-15T18:56:06.167Z] 18:56:06     INFO - found chrome://browser/skin/preferences/preferences.css
[task 2020-07-15T18:56:06.167Z] 18:56:06     INFO - found chrome://global/skin/in-content/common.css
[task 2020-07-15T18:56:06.167Z] 18:56:06     INFO - found chrome://browser/skin/preferences/dialog.css
[task 2020-07-15T18:56:06.167Z] 18:56:06     INFO - TEST-PASS | browser/components/preferences/tests/siteData/browser_clearSiteData.js | All expectedStyleSheetURLs should have been found - 
[task 2020-07-15T18:56:06.173Z] 18:56:06     INFO - Buffered messages logged at 18:56:05
[task 2020-07-15T18:56:06.173Z] 18:56:06     INFO - Console message: OpenGL compositor Initialized Succesfully.
[task 2020-07-15T18:56:06.173Z] 18:56:06     INFO - Version: 2.1 INTEL-12.9.22
[task 2020-07-15T18:56:06.173Z] 18:56:06     INFO - Vendor: Intel Inc.
[task 2020-07-15T18:56:06.173Z] 18:56:06     INFO - Renderer: Intel Iris OpenGL Engine
[task 2020-07-15T18:56:06.173Z] 18:56:06     INFO - FBO Texture Target: TEXTURE_2D
[task 2020-07-15T18:56:06.173Z] 18:56:06     INFO - Buffered messages finished
[task 2020-07-15T18:56:06.173Z] 18:56:06     INFO - TEST-UNEXPECTED-FAIL | browser/components/preferences/tests/siteData/browser_clearSiteData.js | uncaught exception - TypeError: can't access property "wasPermitUnload", event.detail is null at _setupEventListeners/<@chrome://browser/content/tabbrowser.js:5427:13
[task 2020-07-15T18:56:06.173Z] 18:56:06     INFO - fireDialogEvent@resource://gre/modules/SharedPromptUtils.jsm:26:14
[task 2020-07-15T18:56:06.173Z] 18:56:06     INFO - openWindowPrompt@resource:///actors/PromptParent.jsm:269:21
[task 2020-07-15T18:56:06.173Z] 18:56:06     INFO - receiveMessage@resource:///actors/PromptParent.jsm:110:23
[task 2020-07-15T18:56:06.173Z] 18:56:06     INFO - openPrompt@resource://gre/modules/Prompter.jsm:1182:36
[task 2020-07-15T18:56:06.174Z] 18:56:06     INFO - openPromptSync@resource://gre/modules/Prompter.jsm:1070:10
[task 2020-07-15T18:56:06.174Z] 18:56:06     INFO - confirmEx@resource://gre/modules/Prompter.jsm:1447:10
[task 2020-07-15T18:56:06.174Z] 18:56:06     INFO - confirmEx@resource://gre/modules/Prompter.jsm:298:14
[task 2020-07-15T18:56:06.174Z] 18:56:06     INFO - promptSiteDataRemoval@resource:///modules/SiteDataManager.jsm:535:34
[task 2020-07-15T18:56:06.174Z] 18:56:06     INFO - onClear@chrome://browser/content/preferences/dialogs/clearSiteData.js:93:33
[task 2020-07-15T18:56:06.174Z] 18:56:06     INFO - init/<@chrome://browser/content/preferences/dialogs/clearSiteData.js:58:62
[task 2020-07-15T18:56:06.174Z] 18:56:06     INFO - testClearData@chrome://mochitests/content/browser/browser/components/preferences/tests/siteData/browser_clearSiteData.js:132:17
[task 2020-07-15T18:56:06.174Z] 18:56:06     INFO - 
[task 2020-07-15T18:56:06.174Z] 18:56:06     INFO - Stack trace:
[task 2020-07-15T18:56:06.174Z] 18:56:06     INFO - chrome://mochikit/content/tests/SimpleTest/SimpleTest.js:simpletestOnerror:2057
[task 2020-07-15T18:56:06.174Z] 18:56:06     INFO - resource://gre/modules/SharedPromptUtils.jsm:fireDialogEvent:26
[task 2020-07-15T18:56:06.174Z] 18:56:06     INFO - resource:///actors/PromptParent.jsm:openWindowPrompt:269
[task 2020-07-15T18:56:06.174Z] 18:56:06     INFO - resource:///actors/PromptParent.jsm:receiveMessage:110
[task 2020-07-15T18:56:06.174Z] 18:56:06     INFO - resource://gre/modules/Prompter.jsm:openPrompt:1182
[task 2020-07-15T18:56:06.174Z] 18:56:06     INFO - resource://gre/modules/Prompter.jsm:openPromptSync:1070
[task 2020-07-15T18:56:06.175Z] 18:56:06     INFO - resource://gre/modules/Prompter.jsm:confirmEx:1447
[task 2020-07-15T18:56:06.175Z] 18:56:06     INFO - resource://gre/modules/Prompter.jsm:confirmEx:298
[task 2020-07-15T18:56:06.175Z] 18:56:06     INFO - resource:///modules/SiteDataManager.jsm:promptSiteDataRemoval:535
[task 2020-07-15T18:56:06.175Z] 18:56:06     INFO - chrome://browser/content/preferences/dialogs/clearSiteData.js:onClear:93
[task 2020-07-15T18:56:06.175Z] 18:56:06     INFO - chrome://browser/content/preferences/dialogs/clearSiteData.js:init/<:58
[task 2020-07-15T18:56:06.175Z] 18:56:06     INFO - chrome://mochitests/content/browser/browser/components/preferences/tests/siteData/browser_clearSiteData.js:testClearData:132
[task 2020-07-15T18:56:06.175Z] 18:56:06     INFO - GECKO(1413) | JavaScript error: chrome://browser/content/tabbrowser.js, line 5427: TypeError: can't access property "wasPermitUnload", event.detail is null
[task 2020-07-15T18:56:06.175Z] 18:56:06     INFO - GECKO(1413) | [Parent 1413, Main Thread] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80040111 (NS_ERROR_NOT_AVAILABLE): file /builds/worker/checkouts/gecko/netwerk/cache/nsApplicationCacheService.cpp, line 150
[task 2020-07-15T18:56:06.175Z] 18:56:06     INFO - GECKO(1413) | [Parent 1413, Main Thread] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80040111 (NS_ERROR_NOT_AVAILABLE): file /builds/worker/checkouts/gecko/netwerk/cache2/AppCacheStorage.cpp, line 141
[task 2020-07-15T18:56:06.236Z] 18:56:06     INFO - Console message: [JavaScript Error: "TypeError: can't access property "wasPermitUnload", event.detail is null" {file: "chrome://browser/content/tabbrowser.js" line: 5427}]
[task 2020-07-15T18:56:06.237Z] 18:56:06     INFO - _setupEventListeners/<@chrome://browser/content/tabbrowser.js:5427:13
[task 2020-07-15T18:56:06.237Z] 18:56:06     INFO - fireDialogEvent@resource://gre/modules/SharedPromptUtils.jsm:26:14
[task 2020-07-15T18:56:06.237Z] 18:56:06     INFO - openWindowPrompt@resource:///actors/PromptParent.jsm:269:21
[task 2020-07-15T18:56:06.237Z] 18:56:06     INFO - receiveMessage@resource:///actors/PromptParent.jsm:110:23
[task 2020-07-15T18:56:06.237Z] 18:56:06     INFO - openPrompt@resource://gre/modules/Prompter.jsm:1182:36
[task 2020-07-15T18:56:06.237Z] 18:56:06     INFO - openPromptSync@resource://gre/modules/Prompter.jsm:1070:10
[task 2020-07-15T18:56:06.237Z] 18:56:06     INFO - confirmEx@resource://gre/modules/Prompter.jsm:1447:10
[task 2020-07-15T18:56:06.237Z] 18:56:06     INFO - confirmEx@resource://gre/modules/Prompter.jsm:298:14
[task 2020-07-15T18:56:06.237Z] 18:56:06     INFO - promptSiteDataRemoval@resource:///modules/SiteDataManager.jsm:535:34
[task 2020-07-15T18:56:06.237Z] 18:56:06     INFO - onClear@chrome://browser/content/preferences/dialogs/clearSiteData.js:93:33
[task 2020-07-15T18:56:06.237Z] 18:56:06     INFO - init/<@chrome://browser/content/preferences/dialogs/clearSiteData.js:58:62
[task 2020-07-15T18:56:06.237Z] 18:56:06     INFO - testClearData@chrome://mochitests/content/browser/browser/components/preferences/tests/siteData/browser_clearSiteData.js:132:17
[task 2020-07-15T18:56:06.237Z] 18:56:06     INFO - 
[task 2020-07-15T18:56:06.238Z] 18:56:06     INFO - GECKO(1413) | [Parent 1413: Main Thread]: I/DocShellAndDOMWindowLeak ++DOMWINDOW == 36 (0x116fc6800) [pid = 1413] [serial = 36] [outer = 0x168fd0090]
[task 2020-07-15T18:56:06.264Z] 18:56:06     INFO - GECKO(1413) | [Parent 1413, Main Thread] WARNING: '!window', file /builds/worker/checkouts/gecko/dom/cache/CacheStorage.cpp, line 578
[task 2020-07-15T18:56:06.264Z] 18:56:06     INFO - GECKO(1413) | [Parent 1413, Main Thread] WARNING: 'mProgress != Progress::ShutdownCompleted', file /builds/worker/checkouts/gecko/dom/serviceworkers/ServiceWorkerShutdownState.cpp, line 57
[task 2020-07-15T18:56:06.264Z] 18:56:06     INFO - GECKO(1413) | [Child 1415, Main Thread] WARNING: NS_ENSURE_TRUE(!mHasOrHasHadOwnerWindow || mOwnerWindow) failed: file /builds/worker/checkouts/gecko/dom/events/DOMEventTargetHelper.cpp, line 291
[task 2020-07-15T18:56:06.265Z] 18:56:06     INFO - GECKO(1413) | [Parent 1413, IPDL Background] WARNING: 'aResult.IsReject()', file /builds/worker/checkouts/gecko/dom/workers/remoteworkers/RemoteWorkerController.cpp, line 446
[task 2020-07-15T18:56:06.265Z] 18:56:06     INFO - GECKO(1413) | [Parent 1413, IPDL Background] WARNING: 'aResult.IsReject()', file /builds/worker/checkouts/gecko/dom/workers/remoteworkers/RemoteWorkerControllerParent.cpp, line 108
[task 2020-07-15T18:56:06.265Z] 18:56:06     INFO - TEST-PASS | browser/components/preferences/tests/siteData/browser_clearSiteData.js | The cache usage should not be 0 - 35840 > 0 - 
[task 2020-07-15T18:56:06.265Z] 18:56:06     INFO - GECKO(1413) | [Parent 1413, QuotaManager IO] WARNING: '!outputStream', file /builds/worker/checkouts/gecko/dom/quota/ActorsParent.cpp, line 2483
[task 2020-07-15T18:56:06.265Z] 18:56:06     INFO - GECKO(1413) | [Parent 1413, QuotaManager IO] WARNING: 'NS_FAILED(rv)', file /builds/worker/checkouts/gecko/dom/quota/ActorsParent.cpp, line 8523
[task 2020-07-15T18:56:06.265Z] 18:56:06     INFO - GECKO(1413) | [Parent 1413, QuotaManager IO] WARNING: 'NS_FAILED(rv)', file /builds/worker/checkouts/gecko/dom/quota/ActorsParent.cpp, line 8382
[task 2020-07-15T18:56:06.265Z] 18:56:06     INFO - GECKO(1413) | [Parent 1413, QuotaManager IO] WARNING: 'NS_FAILED(rv)', file /builds/worker/checkouts/gecko/dom/quota/ActorsParent.cpp, line 8292
[task 2020-07-15T18:56:06.354Z] 18:56:06     INFO - GECKO(1413) | [Parent 1413, Main Thread] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80040111 (NS_ERROR_NOT_AVAILABLE): file /builds/worker/checkouts/gecko/netwerk/cache/nsApplicationCacheService.cpp, line 180
[task 2020-07-15T18:56:06.622Z] 18:56:06     INFO - TEST-PASS | browser/components/preferences/tests/siteData/browser_clearSiteData.js | Cleared all service workers - 
[task 2020-07-15T18:56:06.887Z] 18:56:06     INFO - TEST-PASS | browser/components/preferences/tests/siteData/browser_clearSiteData.js | Should have the correct permission state. - 
[task 2020-07-15T18:56:06.913Z] 18:56:06     INFO - GECKO(1413) | [Parent 1413, Main Thread] WARNING: '!inner', file /builds/worker/checkouts/gecko/dom/ipc/jsactor/JSWindowActorProtocol.cpp, line 172
[task 2020-07-15T18:56:06.913Z] 18:56:06     INFO - GECKO(1413) | [Parent 1413, Main Thread] WARNING: '!inner', file /builds/worker/checkouts/gecko/dom/ipc/jsactor/JSWindowActorProtocol.cpp, line 172
[task 2020-07-15T18:56:06.948Z] 18:56:06     INFO - GECKO(1413) | [Parent 1413, Main Thread] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80040111 (NS_ERROR_NOT_AVAILABLE): file /builds/worker/checkouts/gecko/netwerk/cache/nsApplicationCacheService.cpp, line 150
[task 2020-07-15T18:56:06.948Z] 18:56:06     INFO - GECKO(1413) | [Parent 1413, Main Thread] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80040111 (NS_ERROR_NOT_AVAILABLE): file /builds/worker/checkouts/gecko/netwerk/cache2/AppCacheStorage.cpp, line 141
[task 2020-07-15T18:56:07.010Z] 18:56:07     INFO - GECKO(1413) | [Parent 1413, Main Thread] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80040111 (NS_ERROR_NOT_AVAILABLE): file /builds/worker/checkouts/gecko/netwerk/cache/nsApplicationCacheService.cpp, line 180
[task 2020-07-15T18:56:07.011Z] 18:56:07     INFO - Leaving test bound
Flags: needinfo?(gijskruitbosch+bugs)
Flags: needinfo?(gijskruitbosch+bugs)
Pushed by gijskruitbosch@gmail.com: https://hg.mozilla.org/integration/autoland/rev/8079eea73df3 reset the address bar when beforeunload prompts close, r=mak

https://hg.mozilla.org/mozilla-central/rev/8079eea73df3

Status: ASSIGNED → RESOLVED
Closed: 5 years ago
status-firefox80: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → Firefox 80
Whiteboard: [adv-main80+]
Attached file advisory.txt
Alias: CVE-2020-15665
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: