1659083 - User given search engine alias can override another search engine’s default alias

Status: NEW

(Firefox :: Search, defect, P3)

Description

[Emil Ghitta, QA [:emilghitta]]

Attachment: @g.gif

Affected versions

• 81.0a1 (BuildId:20200813092915)
• 80.0b8 (BuildId:20200813191622)
• 79.0 (BuildId:20200720193547)
• 78.1.0esr (BuildId:20200722151235)
• 68.11.0esr (BuildId:20200720181548)

Affected platforms

• Windows 10 64bit
• macOS 10.14
• Ubuntu 18.04 64bit

Steps to reproduce

1. Launch Firefox.
2. Access the about:preferences#search
3. Add the @google for the Wikipedia Search Engine.
4. Type @google test inside the address bar.

Expected result

• Step 3: User is blocked to set the same alias that is already taken (built in) for a different Search Engine.

Actual result

• The user can set an alias (for a different search engine) with one that is already built in for a specific search engine. On step 4, it seems that the search is going to be performed via Wikipedia.

Regression Range

• I don’t think that this is a regression since this is reproducible on older builds as well (from 2018)

Notes

• For further information regarding this issue please observe the attached screencast.
• [Suggested severity] Since this may affect the search engines built in alias functionality, marking this as S3 seems to fit here.

Comment 1

[Dale Harvey (:daleharvey)]

Yeh this code doesnt check anything except the user defined alias @ https://searchfox.org/mozilla-central/source/browser/components/preferences/search.js#522, there was a brief period where it would have prevented @google when I introduce a mistaken fallback but it still wouldnt have worked as expected.

Setting P3 since this has lasted a while, should probably fix this along with the alias cleanup though