Open Bug 1659083 Opened 10 months ago Updated 9 months ago

User given search engine alias can override another search engine’s default alias

Categories

(Firefox :: Search, defect, P3)

defect

Tracking

()

Tracking Status
firefox-esr68 --- affected
firefox-esr78 --- affected
firefox79 --- affected
firefox80 --- affected
firefox81 --- affected

People

(Reporter: emilghitta, Unassigned)

Details

Attachments

(1 file)

Attached image @g.gif

Affected versions

  • 81.0a1 (BuildId:20200813092915)
  • 80.0b8 (BuildId:20200813191622)
  • 79.0 (BuildId:20200720193547)
  • 78.1.0esr (BuildId:20200722151235)
  • 68.11.0esr (BuildId:20200720181548)

Affected platforms

  • Windows 10 64bit
  • macOS 10.14
  • Ubuntu 18.04 64bit

Steps to reproduce

  1. Launch Firefox.
  2. Access the about:preferences#search
  3. Add the @google for the Wikipedia Search Engine.
  4. Type @google test inside the address bar.

Expected result

  • Step 3: User is blocked to set the same alias that is already taken (built in) for a different Search Engine.

Actual result

  • The user can set an alias (for a different search engine) with one that is already built in for a specific search engine. On step 4, it seems that the search is going to be performed via Wikipedia.

Regression Range

  • I don’t think that this is a regression since this is reproducible on older builds as well (from 2018)

Notes

  • For further information regarding this issue please observe the attached screencast.
  • [Suggested severity] Since this may affect the search engines built in alias functionality, marking this as S3 seems to fit here.
Has STR: --- → yes

Yeh this code doesnt check anything except the user defined alias @ https://searchfox.org/mozilla-central/source/browser/components/preferences/search.js#522, there was a brief period where it would have prevented @google when I introduce a mistaken fallback but it still wouldnt have worked as expected.

Setting P3 since this has lasted a while, should probably fix this along with the alias cleanup though

Severity: -- → S3
Priority: -- → P3
You need to log in before you can comment on or make changes to this bug.