Closed
Bug 1651665
Opened 4 years ago
Closed 4 years ago
chrome_settings_overrides permits insecure search providers
Categories
(WebExtensions :: General, defect, P1)
WebExtensions
General
Tracking
(firefox-esr78 unaffected, firefox78 unaffected, firefox79 fixed, firefox80 fixed)
RESOLVED
FIXED
mozilla80
Tracking | Status | |
---|---|---|
firefox-esr78 | --- | unaffected |
firefox78 | --- | unaffected |
firefox79 | --- | fixed |
firefox80 | --- | fixed |
People
(Reporter: robwu, Assigned: robwu)
References
(Regression)
Details
(Keywords: regression)
Attachments
(1 file)
47 bytes,
text/x-phabricator-request
|
RyanVM
:
approval-mozilla-beta+
|
Details | Review |
In https://hg.mozilla.org/mozilla-central/rev/48dbf3178e91 , the regexp for search_url
, suggest_url
and search_form
was changed to permit localhost
, 127.0.0.1
and [::1]
.
Unfortunately, these regexes did not append a port/host name delimiter after these hosts, so it is possible to bypass the regexp by specifying values like http://localhost.example.com/
.
This should be fixed and uplifted to 79.
Assignee | ||
Updated•4 years ago
|
Assignee: nobody → rob
Status: NEW → ASSIGNED
Updated•4 years ago
|
Severity: -- → S2
Priority: -- → P1
Assignee | ||
Comment 1•4 years ago
|
||
Pushed by rob@robwu.nl:
https://hg.mozilla.org/integration/autoland/rev/b7834f7c0f08
Remove http:-URL validation bypasses from chrome_settings_overrides.search_provider r=mixedpuppy
Comment 3•4 years ago
|
||
bugherder |
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla80
Assignee | ||
Comment 4•4 years ago
|
||
Comment on attachment 9162656 [details]
Bug 1651665 - Remove http:-URL validation bypasses from chrome_settings_overrides.search_provider
Beta/Release Uplift Approval Request
- User impact if declined: Extensions can register search providers with insecure URLs.
Recent regression in 79. - Is this code covered by automated tests?: Yes
- Has the fix been verified in Nightly?: No
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): The fix consist of making a regexp more strict than what landed in 79 (but still more lax than what already exists in 78 to support bug 1612013). Its functionality is fully covered by unit tests.
- String changes made/needed:
Attachment #9162656 -
Flags: approval-mozilla-beta?
Comment 5•4 years ago
|
||
Comment on attachment 9162656 [details]
Bug 1651665 - Remove http:-URL validation bypasses from chrome_settings_overrides.search_provider
Approved for 79.0b8.
Attachment #9162656 -
Flags: approval-mozilla-beta? → approval-mozilla-beta+
Comment 6•4 years ago
|
||
bugherder uplift |
Flags: in-testsuite+
Updated•4 years ago
|
Keywords: regression
Updated•4 years ago
|
Has Regression Range: --- → yes
You need to log in
before you can comment on or make changes to this bug.
Description
•