Closed
Bug 1710749
Opened 3 years ago
Closed 3 years ago
Website filter can be bypassed with reader mode
Categories
(Firefox :: Enterprise Policies, defect, P2)
Firefox
Enterprise Policies
Tracking
()
VERIFIED
FIXED
90 Branch
People
(Reporter: mkaply, Assigned: mkaply)
Details
Attachments
(1 file)
|
48 bytes,
text/x-phabricator-request
|
RyanVM
:
approval-mozilla-esr78+
|
Details | Review |
From:
https://github.com/mozilla/policy-templates/issues/767
The Website Filter policy is not always useful if the user can simply add about:reader?url= at the beginning of the URL he/she wants to "unblock".
I already have a case for view-source, just need to add about:reader
|
Assignee | |
Comment 1•3 years ago
|
||
|
||
Updated•3 years ago
|
Assignee: nobody → mozilla
Status: NEW → ASSIGNED
Pushed by mozilla@kaply.com: https://hg.mozilla.org/integration/autoland/rev/abb16f9ad6a3 If a website is blocked via policy, block about:reader r=emalysz
|
||
Comment 3•3 years ago
|
||
| bugherder | ||
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
status-firefox90:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 90 Branch
|
|
Assignee | |
Comment 4•3 years ago
|
||
Comment on attachment 9221815 [details]
Bug 1710749 - If a website is blocked via policy, block about:reader r?emalysz!
ESR Uplift Approval Request
- If this is not a sec:{high,crit} bug, please state case for ESR consideration: Policy only change, parity with beta
- User impact if declined: Pages blocked by policy can be viewed in reader mode
- Fix Landed on Version: 90
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): Policy only, has test.
- String or UUID changes made by this patch:
Attachment #9221815 -
Flags: approval-mozilla-esr78?
|
||
Comment 5•3 years ago
|
||
Comment on attachment 9221815 [details]
Bug 1710749 - If a website is blocked via policy, block about:reader r?emalysz!
Approved for 78.12esr.
Attachment #9221815 -
Flags: approval-mozilla-esr78? → approval-mozilla-esr78+
|
|
||
Comment 6•3 years ago
|
||
| bugherder uplift | ||
status-firefox-esr78:
--- → fixed
Flags: in-testsuite+
|
||
Updated•3 years ago
|
Flags: qe-verify+
|
||
Updated•3 years ago
|
QA Whiteboard: [qa-triaged]
|
||
Comment 7•3 years ago
•
|
||
Reproduced on Firefox Nightly 90.0a1 (2021-05-11) (20210511093339) on Windows 10.
Verified > Fixed on Firefox Beta 90.0 (20210705185941) and Firefox 78.12.0esr (20210610190845) on Windows 10.
|
|
||
Updated•3 years ago
|
Status: RESOLVED → VERIFIED
QA Whiteboard: [qa-triaged]
Flags: qe-verify+
You need to log in
before you can comment on or make changes to this bug.
Description
•